The Register: There are perhaps 10,000 reasons to doubt Oracle Cloud’s security breach denial

Source URL: https://www.theregister.com/2025/03/25/oracle_breach_update/
Source: The Register
Title: There are perhaps 10,000 reasons to doubt Oracle Cloud’s security breach denial

Feedly Summary: Customers come forward claiming info was swiped from prod
Oracle Cloud’s denial of a digital break-in is now in clear dispute. An infosec researcher working on validating claims that the cloud provider’s login servers were compromised earlier this year says some customers have confirmed that data allegedly stolen and leaked from the database giant is genuine.…

AI Summary and Description: Yes

Summary: The recent dispute over Oracle Cloud’s claim of no security breach highlights potential vulnerabilities and customer data risks. An infosec researcher asserts that evidence suggests compromised login servers and genuine stolen data, raising concerns for security professionals managing data integrity and access control.

Detailed Description:
The text discusses a disputed security incident involving Oracle Cloud, where an infosec researcher claims that Oracle’s denial of a breach contradicts accounts from several impacted customers. Here are the significant points of interest:

– **Claims of a Security Breach**: A researcher, identified as rose87168, asserts that approximately six million records, including customer security keys and encrypted credentials, were stolen from Oracle Cloud’s login servers.
– **Customer Confirmation**: Multiple customers of security firm Hudson Rock confirmed that the leaked data includes sensitive information belonging to their users, indicating potential validity to the breach claims.
– **Oracle’s Denial**: Oracle has categorically denied any breach and claims that the published credentials are unrelated to Oracle Cloud and that no customers lost data.
– **Exploitation of Vulnerabilities**: Alleged exploitation of CVE-2021-35587, a critical vulnerability in Oracle Access Manager, is highlighted as the possible entry point for the attacker, raising questions about the company’s patching practices.
– **Nature of Leaked Data**: The leaked information is extensive and structured, making fabrication improbable, according to experts from CloudSEK.
– **Potential Impacts**: Should the data prove authentic, it could lead to significant cybersecurity threats, including supply chain attacks, ransomware, and identity theft, given the nature of the stolen credentials.
– **Recommendation to Organizations**: Experts recommend that affected organizations rotate their SSO and LDAP credentials, reinforce strong password policies, and consider implementing multi-factor authentication (MFA).
– **Incident Response Guidelines**: Companies are advised to activate their incident response plans to detect unauthorized access or intrusions.

This incident underscores the importance of proactive security measures, patch management, and established protocols for addressing potential breaches in cloud environments, making it pertinent for professionals engaged in AI, infrastructure, and security compliance.