Oracle Cloud faced an alleged data breach, claimed by a threat actor named Rose87168, affecting over 140,000 tenants and potentially exposing 6 million records including sensitive SSO credentials, LDAP passwords, and OAuth2 keys. Despite initial denials, evidence from security researchers at CloudSEK and confirmation from Trustwave SpiderLabs suggest the breach is legitimate, likely due to a critical vulnerability (CVE-2021-35587) in Oracle Access Manager. The breach's nature and the threat to sell or release the data indicate a severe security lapse potentially compromising personal and financial information.
TPRM report: https://scoringcyber.rankiteo.com/company/oracle-cloud
"id": "ora805033125",
"linkid": "oracle-cloud",
"type": "Breach",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Oracle Cloud',
                        'type': 'Cloud Service Provider'}],
 'attack_vector': 'Critical Vulnerability',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 6000000,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['SSO credentials',
                                              'LDAP passwords',
                                              'OAuth2 keys']},
 'description': 'Oracle Cloud faced an alleged data breach, claimed by a '
                'threat actor named Rose87168, affecting over 140,000 tenants '
                'and potentially exposing 6 million records including '
                'sensitive SSO credentials, LDAP passwords, and OAuth2 keys. '
                'Despite initial denials, evidence from security researchers '
                'at CloudSEK and confirmation from Trustwave SpiderLabs '
                'suggest the breach is legitimate, likely due to a critical '
                'vulnerability (CVE-2021-35587) in Oracle Access Manager. The '
                "breach's nature and the threat to sell or release the data "
                'indicate a severe security lapse potentially compromising '
                'personal and financial information.',
 'impact': {'data_compromised': ['SSO credentials',
                                 'LDAP passwords',
                                 'OAuth2 keys'],
            'identity_theft_risk': True,
            'payment_information_risk': True},
 'motivation': 'Data Theft, Financial Gain',
 'references': [{'source': 'Security Researchers at CloudSEK and Trustwave '
                           'SpiderLabs'}],
 'response': {'third_party_assistance': ['CloudSEK', 'Trustwave SpiderLabs']},
 'threat_actor': 'Rose87168',
 'title': 'Oracle Cloud Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'CVE-2021-35587'}