Security Week

Oracle Denies Cloud Breach After Hacker Offers to Sell Data

Eduard Kovacs Published: March 24, 2025 | Updated: March 24, 2025 2 min read

Oracle has denied that its systems have been breached after a hacker offered to sell millions of data records allegedly stolen from the company.

A hacker using the online moniker ‘rose87168’ announced recently on a popular hacking forum the sale of data allegedly associated with over 140,000 Oracle Cloud tenants.

The hacker claims to have obtained six million lines of data, including SSO and LDAP passwords. However, the passwords are encrypted and the threat actor said they were unable to crack them.

Cloud security firm CloudSEK, which has analyzed the hacker’s claims, believes that the attack could have been carried out through the exploitation of a known Oracle product vulnerability, such as CVE-2021-35587, which impacts Oracle Fusion Middleware.

However, Oracle has categorically denied an Oracle Cloud breach.

“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.” an Oracle spokesperson told SecurityWeek on Monday morning.

In response to Oracle’s denial, the hacker published a post on the X social media platform, pointing to a link apparently showing that they were able to upload a text file containing their email address to Oracle Cloud systems. The file has been removed, but it was saved in a Wayback Machine snapshot captured on March 1.

It’s possible that there was some sort of breach of Oracle systems that the tech giant has yet to identify. It’s also possible that the hacker did obtain some Oracle Cloud data, but from a third party.

Advertisement. Scroll to continue reading.

There is also the chance that the data is fake. It’s not uncommon for hackers to fabricate data leaks, and it’s also not unheard of for a hacker to use tricks to show an apparent level of access that is not as deep as they claim.