Source URL: https://www.theregister.com/2025/03/25/oracle_breach_update/
Source: Hacker News
Title: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The text describes a dispute regarding Oracle Cloud’s denial of a security breach after an infosec researcher claims that sensitive data, including customer security keys and credentials, has indeed been compromised and is genuine. This incident raises concerns about the vulnerability of cloud infrastructure and the potential consequences of data theft.
Detailed Description:
– Oracle Cloud is facing allegations of a breach that the company has publicly denied. However, evidence from an infosec researcher suggests otherwise.
– A researcher known as rose87168 claims to have stolen sensitive data from Oracle, including approximately six million records containing customer security keys and encrypted credentials.
– rose87168 sent samples of the data to Alon Gal, CTO of Hudson Rock, who then checked with multiple affected customers and found that the leaked data appears authentic:
  – Three of the customers contacted confirmed that their user data is included in the stolen sample.
  – One customer further confirmed that the data is legitimate and originates from a production environment.
– Oracle officially denies any breach, insisting that the published credentials do not belong to Oracle Cloud and that no customer data was lost.
– The alleged breach may have exploited a vulnerability (CVE-2021-35587) in Oracle Access Manager, which raises concerns regarding Oracle’s patching practices.
– CloudSEK, another infosec entity, corroborated the credibility of the information based on the structure and volume of the leaked data.
– Potential repercussions of the breach could involve cybercriminal activities like supply chain attacks or ransomware due to the sensitive nature of the stolen credentials.
– While the leaked passwords are stored in encrypted (hashed) form and rose87168 has not been able to crack them, rose87168 is offering the leaked data to others in exchange for monetary compensation or zero-day exploits.
– Cybersecurity experts recommend that organizations suspecting they may be affected should take immediate actions such as rotating SSO and LDAP credentials and enforcing strong password policies and multi-factor authentication (MFA).
– Implementing an incident response plan is also advised to investigate possible unauthorized access.
This incident exemplifies critical vulnerabilities within cloud infrastructure and the importance of maintaining robust security measures to safeguard sensitive data. The ongoing situation with Oracle Cloud underscores the need for continuous vigilance in protecting against data breaches within the cloud computing landscape.