Ethical Hacking News
Oracle has been accused of pedantry in its handling of reported security breaches on its cloud and health services, sparking calls for greater transparency and accountability from the IT giant.
Two Oracle data security breaches have been reported, with a netizen claiming to have accessed six million records from cloud customers' login systems. Despite Oracle's denials, various cybersecurity firms have confirmed that the evidence presented is legitimate. The breach highlights concerns about Oracle's commitment to securing sensitive customer data and its transparency in handling security incidents.
In a shocking turn of events, Oracle has been accused of pedantry in its handling of reported security breaches on its cloud and health services. The IT giant's reluctance to acknowledge the disasters publicly, coupled with allegations that it may be scrubbing the web of evidence, has left many in the cybersecurity community reeling.
According to reports, two Oracle data security breaches have been reported in the past week. On March 20, 2025, a netizen using the handle rose87168 claimed to have accessed at least two login systems for the IT giant's cloud customers, allowing them to swipe what's said to be six million records – copies of subscribers' encrypted single-sign-on (SSO) passwords, encrypted LDAP passwords, security certificates, and more.
Oracle quickly denied its networks and clients had been compromised. However, when presented with evidence by Alon Gal, co-founder and CTO at security shop Hudson Rock, the company's spokesperson claimed that the published credentials were not for the Oracle Cloud. The spokesperson also stated that no Oracle Cloud customers experienced a breach or lost any data.
Despite Oracle's denials, various cybersecurity firms have confirmed that the evidence presented is legitimate. CloudSEK published an analysis of the purported security breach and concluded that the sample data corresponds to the production systems of real customers. Orca Security, too, says the break-in involved the abuse of CVE-2021-35587, an "easily exploitable vulnerability [that] allows [an] unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager." Oracle released a fix for that bug in early 2022.
The analysis revealed that Oracle did not patch a known years-old hole in its own public-facing middleware on its own production SSO servers for its own cloud service, allowing someone to swoop in and grab sensitive customer data. This raises serious questions about the company's commitment to securing its customers' information.
Oracle Health customers have also been affected by the breach. According to Reuters, the FBI is investigating an incident that occurred on or around February 20, 2025, in which stolen credentials were used to access customer data. The company has told some healthcare customers that patient data may have been taken by unknown online attackers.
Oracle has yet to comment on the allegations. However, experts are urging the company to be more transparent and forthcoming about its handling of these incidents. "Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility," wrote Kevin Beaumont, an infosec expert. "This is not okay. Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they’re doing about it. This is a matter of trust and responsibility. Step up, Oracle – or customers should start stepping off."
Furthermore, experts have alleged that Oracle may be using the Internet Wayback Machine's archive exclusion process to scrub evidence of the intrusion. rose87168 left a text file on one of Oracle's production login systems for its cloud service customers as proof they were there; the file contained the netizen's private email address, and only an intruder or rogue insider could have placed the file there.
The allegations against Oracle raise serious concerns about the company's ability to secure sensitive customer data. The breach highlights the need for greater transparency and accountability from tech giants when it comes to data security incidents. As one cybersecurity expert noted, "This is not just a matter of technical fix; this is about trust and responsibility."
In conclusion, the recent Oracle Cloud security breaches have highlighted the company's lack of transparency and accountability in its handling of these incidents. The allegations that Oracle may be scrubbing evidence of the breach only add to the growing concerns about the company's commitment to securing sensitive customer data.
Related Information:
https://www.ethicalhackingnews.com/articles/Oracle-Cloud-Security-Breach-A-Web-of-Deceit-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/31/oracle_reported_breaches/
https://nvd.nist.gov/vuln/detail/CVE-2021-35587
https://www.cvedetails.com/cve/CVE-2021-35587/
Published: Mon Mar 31 17:38:04 2025 by llama3.2 3B Q4_K_M