Oracle data security was reported last week, and the Goliath database is not only reluctant to recognize disasters publicly – the evidence network may also be cleaned.
On March 20, 2025, the Internet user is claimed using the Rose87168 handle that he has reached at least the entry system for giant cloud customers in the United States, allowing them to pass what is said to be six million records-copies of the encrypted subscriber participants (SSO), encrypted LDAP passwords, and more security certificates.
Oracle quickly denied its networks and customers were at risk.
“There was no violation of Arokl Claude,” said a registration spokesman on Friday, March 21st.
Then Internet users sent evidence in the form of a sample of 10,000 lines, which was said to have been stolen by Oracle to Alon Gal, co -founder and CTO at the Hudson Rock Security Store.
GAL said that he provided this information to some Oracle clients, who confirmed that they appear legitimate, as their own data were expensive to Oracle, yet they were now in the hands of others.
Evidence included a database extract containing personal information for customer employees, LDAP records, and a list of supposed affected companies.
Almost at the same time, the InfoseC Cloudsek Group has published an analysis of the alleged security breach and concluded that the sample data is compatible with real customer production systems. According to the biz, infiltration, which includes the Oracle SSO service, affects thousands of tenants.
According to Orca Security, as well as CloudSek, the abuse of CVE-2021-35587 included “easily exploitable vulnerability (that) an unprovated striker with access to the HTTP network for the Oracle access manager.” A reform of this error was issued by the technology giant in early 2022.
Thus, it is alleged that Oracle has not cleared a known hole for years in the intermediate programs facing the year on its SSO servers for its cloud service, allowing someone to enter and seize the customer's sensitive customer data.
Meanwhile, Big Red was said to tell the Oracle Health customers that the patient's data may have been taken by unknown attackers online. BIZ is said to have sent a message to some health care customers about an accident on February 20 or about 2025, where stolen credentials were used to access customer data.
According to Reuters, the FBI is investigating the accident.
On Monday, he asked the comment, Oracle has not yet responded.
Here the claims come …
Today, Oracle (PDF) has been prosecuted for neglect and violating because of its alleged failure to properly secure its systems and notify customers in a timely manner.
The case at the federal level, presented in West Texas, seeks to obtain a collective situation, and targets both cloud and health security violations. It requires damage, costs and promises from Oracle to better protect its customers, data and computers.
On Monday, Gal wondered about the continuous silence of Oracle in the LinkedIn post, and said that Rose87168 may take more measures to show a compromise in Oracle Cloud.
“With the absence of a word from Oracle yet … Rose87168 indicates that it moves to a new stage, and perhaps selling or leaking data,” Gal said. “Oracle has denied very crazy this leakage independently by many cyber security companies.”
Oracle is trying Wordsmith phrases about Oracle Cloud and the use of very specific words to avoid responsibility
The Infose Kevin Beaumont expert also dismantled Oracle for his alleged Oracle Cloud Breach, noting that the company seems to divide hair by distinguishing between Oracle Cloud and Oracle Class Classic.
This means that the United States Super-Corp claims that Oracle Cloud has not infiltrated, although this leaves the door open to Oracle Cloud Classic is the specific product that has been penetrated. Discrimination without difference: Part of the Oracle Public Cloud showed, according to Rose87168 and others.
“Oracle is trying to express the Wordsmith phrases about Oracle Cloud and use very specific words to avoid responsibility,” Bouont wrote. “This is not fine. Oracle needs to communicate what happened clearly and publicly, and how this affects customers, and what they do about it. This is a matter of confidence and responsibility.
Boomont and Jake Williams, another security researcher, appears to be both Oracle who claimed that he used to exclude the archiving of the Internet machine for the Internet to flow off offside.
Rose87168 left a text file on a login systems to Oracle for its cloud service as evidence that they were there; The file contained the Tetizen's own email address, and it was only an infiltrator or the interior has placed the file there. This text file was visible to the world, and its index with a Wayback here, although this document has been removed upon request.
It is still possible to find a copy of it here, by a little URL, from pickin.us2.raclecloud.com on March 1, a full month before. ®
Do you know what the result is? Let's know, with confidence.
