Source URL: https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/
Source: Hacker News
Title: Oracle customers confirm data stolen in alleged cloud breach is valid
Summary: The text discusses a potential data breach involving Oracle Cloud servers where a threat actor claims to have stolen account data for 6 million users. Oracle denies the breach, but confirmations from multiple companies validate the leaked data, leading to significant implications for cloud security and identity management.
Detailed Description:
The incident involving Oracle Cloud highlights critical issues surrounding cloud security and potential vulnerabilities in Single Sign-On (SSO) implementations. The claims made by the threat actor (‘rose87168’) and the subsequent validation of data by other companies raise important considerations for security and compliance professionals, particularly in how organizations manage user authentication and respond to breaches.
Key Points:
– **Claim of Breach**: The threat actor alleges they compromised Oracle Cloud’s federated SSO login servers, claiming to possess authentication data for 6 million users.
– **Data Validity**: Independently verified information indicates that the data shared by the attacker is authentic, contradicting Oracle’s public denial of the breach.
– **Threat Actor’s Evidence**: The hacker provided multiple text files, including LDAP data and a list of affected domains, and also shared emails purportedly exchanged with Oracle’s security team, suggesting that an obvious security vulnerability was used in the breach.
– **Vulnerability Exploitation**: A known vulnerability (CVE-2021-35587) in Oracle Fusion Middleware 11g was mentioned as a possible entry point for the breach. This underlines the importance of patch management and regular vulnerability assessments.
– **Company Responses**: Several companies confirmed the authenticity of the breached data but chose to remain anonymous, reflecting how sensitive data breaches are for corporate reputations.
Practical Implications:
– Organizations using cloud services must ensure that robust identity verification and incident response procedures are in place.
– Continuous monitoring and the ability to respond immediately to incidents are essential for managing and mitigating potential breaches.
– The incident raises awareness of the security of SSO systems and the need for comprehensive credential management practices.
– It highlights the need for transparency in reporting security incidents while maintaining compliance with data protection regulations.
This incident emphasizes the necessity for cloud providers and enterprises alike to prioritize security in operations and the importance of vigilance against evolving cyber threats.