Oracle has denied allegations made by a miscreant that its cloud offering had been compromised and information stolen.
Late last week, a fraudster advertised on an online forum what were claimed to be Oracle Cloud keys and other sensitive data taken from the IT giant. The material was said to have been obtained by the miscreant from at least one of the cloud provider's single sign-on (SSO) login servers by exploiting a security vulnerability.
Oracle says this is not true.
“There was no violation of Oracle Cloud,” a spokesman said on Friday.
“The published accreditation data is not dedicated to Oracle Cloud. There are no Oracle Cloud customers who have suffered from a breach or a loss of any data.”
Meanwhile, as the folks at Bleeping Computer noticed, the miscreant boasted about creating a text file on Oracle Cloud, specifically on login.us2.oraclecloud.com, which was captured by the Internet Archive in early March, as evidence that the systems were compromised.
This file simply contains the email address of the person trying to sell what is said to be the stolen Oracle Cloud data. We have asked Oracle for further clarification or explanation. It is claimed that the information was exfiltrated from the single sign-on server serving as the US2 login server. Samples of the allegedly stolen information were also shared by the investigators.
Looking at the Wayback Machine, we can see that the US2 server was, as recently as February 2025, running a form of Oracle Fusion Middleware 11g.
The CloudSEK group believes that the server may not have been patched against CVE-2021-35587, a well-known security vulnerability in Oracle Access Manager in Fusion Middleware, specifically its OpenSSO Agent.
Exploiting this flaw, which can be done over HTTP without authentication, would likely give intruders access to the type of information offered for sale this week. Public exploit code exists for the flaw.
On Thursday, six million records were put up for sale on BreachForums by an unknown internet user named Rose87168. The records are said to include Java KeyStore files for Oracle Cloud, which contain security certificates and keys; encrypted Oracle Cloud SSO passwords; encoded LDAP passwords; Enterprise Manager JPS keys; and other information stolen from the cloud provider. The number of customers likely to be affected is said to be in the thousands.
The price of this information has not been revealed, as far as we can tell, and the seller also accepts zero-day exploits as payment. Rose87168 is said to have contacted Oracle almost a month ago to inform the database giant of the alleged data theft, and wanted more than $200 million in cryptocurrency in exchange for details about the claimed theft; the demand was rejected.
The miscreant also requested help decrypting the encrypted credentials.
“SSO passwords have been encrypted, and they can be decoded with available files,” the hoodlum also claimed online on BreachForums. “LDAP is also cracking. I couldn't do this, but if someone can tell me how to break it, I can give them some data as a gift.”
In addition, the would-be thief shared a list of the domains of all the companies caught up in the denied security breach, and noted that Oracle customers apparently could “pay a specific amount to remove the information of their employees before selling it.” ®
More developments here: There may be 10,000 reasons for denying Oracle Cloud breach