A threat actor operating under the alias “rose87168” has allegedly breached Oracle Cloud, claiming to have stolen approximately 6 million sensitive records, including encrypted passwords, authentication data, and key files. The claims were made in a post on a dark web forum.
The threat actor is allegedly offering the stolen data for sale and has reportedly attempted to extort affected organizations. While Oracle has officially denied any breach, cybersecurity researchers and the threat actor’s own posts suggest that unauthorized access may have occurred, potentially affecting over 140,000 Oracle Cloud tenants worldwide.
The threat actor claims to have exfiltrated the following sensitive information from Oracle Cloud:
- Java KeyStore (JKS) files
- Encrypted Single Sign-On (SSO) passwords
- Encrypted Lightweight Directory Access Protocol (LDAP) passwords
- Enterprise Manager JPS keys
rose87168 also shared a sample of the data.
If verified, these records could be critical for authentication and security within Oracle Cloud systems.
Disputed Claims and Oracle’s Denial
Despite the threat actor’s claims, Oracle has categorically denied that its cloud systems were compromised. The company maintains that no Oracle Cloud customer data was stolen and that the leaked credentials are unrelated to its services.