Overview of the Oracle Security Breach
Oracle has confirmed to select customers that its legacy system, last active in 2017, has been compromised, resulting in the theft of outdated client credentials, according to a Bloomberg report. Despite reassurances that this exposed data is not sensitive, the adversary involved in this breach has since disclosed up-to-date information from 2024 and 2025 on various cybercrime forums.
Key Details on the Recent Oracle Data Breach
Investigators from both CrowdStrike and the FBI are probing the incident, which sheds light on a broader vulnerability problem within Oracle’s systems. Oracle initially discovered the breach when it identified unauthorized access on its Gen 1 servers, also known as Oracle Cloud Classic, facilitated by a Java exploit dating back to 2020. The attackers deployed malicious web shells and additional malware during the breach.
Data Compromised During the Incident
- User emails
- Hashed passwords
- Usernames
Following these revelations, a nefarious actor known as rose87168 advertised the sale of approximately 6 million Oracle data records on BreachForums, supplementing their claims with sample databases and other substantiating details.
Oracle’s Response to the Data Leak Allegations
Oracle has staunchly denied any breach of its current Oracle Cloud infrastructure, even as evidence to the contrary continues to mount. That evidence includes an archived URL that pointed to Oracle’s servers hosting data linked to the adversary.
Furthermore, validated communications have revealed that additional customer data from the leaks is accurate and currently circulating among cybercriminal communities.
Simultaneous Breach at Oracle Health
Separately, Oracle Health, previously known as Cerner, also suffered a significant breach impacting several U.S. healthcare organizations. Attackers allegedly utilized compromised customer credentials to access Oracle’s legacy data migration servers. Despite the silence from Oracle Health regarding this breach, an entity named “Andrew” has started demanding ransoms in cryptocurrency to refrain from leaking or selling the stolen patient data.
Last Updated: April 3, 2025