Oracle is reportedly dealing with a cloud data breach, privately informing affected customers
while publicly denying that any incident occurred in its current Oracle Cloud systems. The breach came to light after a hacker known as ‘rose87168’ offered to sell what they claim are millions of lines of data from over 140,000 Oracle Cloud tenants, including encrypted credentials. Initially, the hacker tried to extort $20 million from Oracle but later offered the stolen data for sale or trade in exchange for zero-day exploits.
Despite Oracle’s public statement— “There has been no breach of Oracle Cloud”—the hacker provided various forms of evidence to support their claims. These include a sample of 10,000 customer records, access links to Oracle systems, credentials, and even a video allegedly recorded during an internal Oracle meeting. Independent security firms have verified that the data appears legitimate and tied to a live production environment.
According to Bloomberg, Oracle has been discreetly contacting affected customers to confirm a breach involving usernames, passkeys, and encrypted passwords. While Oracle reportedly told customers that the compromised environment was a legacy system unused for over eight years, other sources indicated that some of the exposed data dates back to 2024.
Cybersecurity firm CyberAngel, citing an unnamed source, stated that only older ‘Gen 1’ Oracle Cloud servers were impacted, not the newer ‘Gen 2’ systems. The attacker allegedly exploited a 2020 Java vulnerability to install a webshell and malware that targeted Oracle’s identity management database, extracting sensitive information. The breach may have gone undetected from January 2025 until late February, when Oracle began investigating following a ransom demand in early March.
Cybersecurity researcher Kevin Beaumont reported that affected customers are being informed verbally, without formal written notices. He criticized Oracle’s handling of the situation, accusing the company of using misleading terminology—referring to the breached environment as “Oracle Classic” instead of “Oracle Cloud”—to deflect blame and maintain public confidence.
Adding to Oracle's woes, an unrelated breach has reportedly impacted Oracle Health. According to Bleeping Computer, patient information from several U.S. healthcare organizations may have been compromised in that incident.
While Oracle continues to maintain that there has been no breach of its cloud services, mounting evidence and reports from multiple security researchers suggest otherwise. Critics are calling for greater transparency and accountability from the company to clarify what happened, how customers are affected, and what steps are being taken to address the breach.
Found this article interesting? Follow us on X(Twitter) and FaceBook to read more exclusive content we post.
