Hackers Claim to Have Stealed 6 Million Records from Oracle; Company Denies Hack

Hackers claim to have stolen 6 million records from Oracle Cloud’s federated SSO login servers. The company denies the breach and says no customers were harmed.

An attacker nicknamed rose87168 published data allegedly stolen from Oracle Cloud on the hacker forum BreachForums. The hacker writes that he is ready to sell the data or exchange it for 0-day exploits.

rose87168 backed up his claims by publishing several text files with sample data from the database, LDAP information, and a list of companies that were allegedly affected by the leak.

According to the hacker, the data was stolen during a breach of the login.(region-name).oraclecloud.com servers and includes encrypted SSO passwords, Java Keystore (JKS) files, key files, and JPS keys for the enterprise manager.

As further evidence of access to Oracle Cloud servers, the attacker provided Bleeping Computer with this Internet Archive link , which shows rose87168 uploading a text file with a ProtonMail email address to the login.us2.oraclecloud.com server.