Ethical Hacking News
Oracle Cloud's denial of a digital break-in is now in clear dispute as experts question the company's security expertise amid allegations of data theft. The situation highlights the ongoing struggle between cloud providers and cyber threats, emphasizing the need for robust security protocols and prompt incident response planning.
The Oracle Cloud has been accused of a security breach, with an information security researcher claiming to have gained unauthorized access to login servers and stolen sensitive data. A third-party customer confirmed that the stolen data was genuine and originated from a production environment dating back to 2023. Experts point out that Oracle Cloud has denied any breach, stating that the published credentials are not for the Oracle Cloud, and that no Oracle Cloud customers experienced a breach or lost any data. The alleged thief demonstrated their access to the login server by creating a text file on a public-facing Oracle-owned web server, which contained their email address. Experts recommend rotating SSO and LDAP credentials, ensuring strong password policies and Multi-Factor Authentication (MFA), and triggering an incident response plan to mitigate potential damage.
The Oracle Cloud, a leading provider of cloud computing services, has found itself at the center of a growing controversy surrounding allegations of a security breach. The company's denial of such claims has been met with skepticism by experts in the field, who point to emerging evidence that suggests otherwise.
According to reports, an information security researcher named rose87168 claimed to have gained unauthorized access to Oracle Cloud's login servers and stolen sensitive data, including customer security keys, encrypted credentials, LDAP entries, and other sensitive information. The alleged thief even offered a sample of the collected data to Alon Gal, co-founder and CTO at security shop Hudson Rock.
Gal took the sample and reached out to multiple Hudson Rock customers who appeared to be affected by the breach. Three customers have since confirmed that the data handed to them by rose87168 from Oracle Cloud's internal systems is genuine. One customer claimed that its users were in the sample set and that the sample included sensitive information. Another concurred, stating that the data was legitimate and originated from a production environment dating back to 2023.
A third Hudson Rock customer said their users and tenant IDs matched those in the sample, and that they were used in their production environment. These claims have raised concerns among experts, who point out that Oracle Cloud has denied any breach, stating that the published credentials are not for the Oracle Cloud, and that no Oracle Cloud customers experienced a breach or lost any data.
The alleged thief also demonstrated their access to the login server by creating a text file on a public-facing Oracle-owned web server, which contained their email address. This action was seen as proof of their intrusion and theft. Information security outfit CloudSEK speculated that rose87168 appeared to have exploited CVE-2021-35587, a critical vulnerability in Oracle Access Manager, which would have given the miscreant access to the kinds of credentials and other data said to have been siphoned.
CloudSEK's analysis concluded that the volume and structure of the leaked information made it extremely difficult to fabricate, reinforcing the credibility of the breach. If the data is genuine, as some experts suggest, the potential consequences for organizations affected by the breach would be severe.
With access to sensitive data such as customers' digital security certificates and keys, Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) passwords, cyber-criminals could potentially carry out supply chain and ransomware attacks. The SSO and LDAP passwords are encrypted, but experts advise organizations with affected users to rotate their SSO and LDAP credentials, and ensure strong password policies and Multi-Factor Authentication (MFA) are in place.
Experts also recommend triggering an incident response plan to check whether any unauthorized intrusions have taken place. As the situation continues to unfold, Oracle Cloud's handling of the breach has come under scrutiny. The company has yet to provide a comprehensive explanation for its initial denial of the breach claims and has not responded to requests for comment on this story.
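As an added example (not from the article, nor from Oracle, CloudSEK or Hudson Rock), the following Python script shows the defender-side triage the experts describe: matching a leaked sample's tenant IDs and users against your own identity inventory, hashing identifiers so the match list can be shared without circulating plaintext, and producing an SSO/LDAP rotation worklist that puts accounts lacking MFA first. All tenant IDs, usernames, LDAP DNs and the inventory format are constructed placeholders.

```python
# Added example (not from the article): triage a leaked credential sample
# against an organisation's own identity inventory. Every record below is
# constructed; tenant IDs, users and DNs are placeholders, not real data.
import hashlib

# Constructed "leaked sample" in the shape the article describes:
# tenant ID, username and an LDAP entry. Real leaked data is never pasted here.
LEAKED_SAMPLE = [
    {"tenant": "tenant-aaaa1111", "user": "j.doe",
     "dn": "uid=j.doe,ou=people,dc=example,dc=com"},
    {"tenant": "tenant-aaaa1111", "user": "svc-backup",
     "dn": "uid=svc-backup,ou=services,dc=example,dc=com"},
    {"tenant": "tenant-zzzz9999", "user": "a.smith",
     "dn": "uid=a.smith,ou=people,dc=other,dc=org"},
]

# Constructed inventory of our own tenant (assumed IdP export format): which
# accounts exist, whether they enforce MFA, and whether they are privileged.
OUR_TENANT = "tenant-aaaa1111"
OUR_ACCOUNTS = {
    "j.doe": {"mfa": True, "privileged": False},
    "svc-backup": {"mfa": False, "privileged": True},
    "m.lee": {"mfa": True, "privileged": False},
}

def fingerprint(value: str) -> str:
    """Hash an identifier so a match list can be shared with the provider or
    IR partners without circulating the plaintext username or DN."""
    return hashlib.sha256(value.encode()).hexdigest()[:16]

def triage(sample, tenant, accounts):
    """Return our tenant's accounts that appear in the sample, ordered so the
    rotation worklist starts with privileged accounts that lack MFA."""
    hits = []
    for rec in sample:
        if rec["tenant"] != tenant or rec["user"] not in accounts:
            continue  # other tenants' entries are not ours to act on
        acct = accounts[rec["user"]]
        # Lower tuple sorts first: no MFA and privileged is the worst case.
        priority = (acct["mfa"], not acct["privileged"])
        hits.append({"user": rec["user"], "dn_fp": fingerprint(rec["dn"]),
                     "rotate_sso_ldap": True, "enable_mfa": not acct["mfa"],
                     "priority": priority})
    return sorted(hits, key=lambda h: h["priority"])

if __name__ == "__main__":
    for hit in triage(LEAKED_SAMPLE, OUR_TENANT, OUR_ACCOUNTS):
        print(hit)
```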
The alleged breach highlights the ongoing struggle between cloud providers and cyber threats. With more organizations shifting their operations to the cloud, the risks associated with such services have increased significantly. It is essential for companies like Oracle Cloud to prioritize security measures and be transparent about their breach response strategies.
As experts continue to analyze the evidence surrounding this incident, one thing becomes clear: the alleged breach of Oracle Cloud has significant implications for organizations that rely on the service. The breach highlights the need for robust security protocols and prompt incident response planning to mitigate potential damage.
In conclusion, the controversy surrounding Oracle Cloud's alleged breach raises questions about the company's security expertise. As experts continue to scrutinize the evidence, it is essential for the organization to provide clear explanations and demonstrate a commitment to protecting its customers' sensitive data.
Related Information:
https://www.ethicalhackingnews.com/articles/Oracle-Cloud-Breach-Denial-Under-Scrutiny-Experts-Question-Security-Expertise-Amid-Allegations-of-Data-Theft-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/25/oracle_breach_update/
https://nvd.nist.gov/vuln/detail/CVE-2021-35587
https://www.cvedetails.com/cve/CVE-2021-35587/
Published: Mon Mar 31 14:40:59 2025 by llama3.2 3B Q4_K_M