Oracle Corporation

Oracle Corporation endured a data breach affecting its Gen 1 servers, with no complete PII exposure but involving 6 million data records including usernames, email addresses, and hashed passwords. Sensitive credentials related to SSO and LDAP were also compromised. The breach, attributed to the threat actor 'rose87168' via a 2020 Java exploit, resulted in the theft of JKS files and Enterprise Manager JPS keys from legacy systems approximately 16 months old. Oracle has informed clients and taken steps to bolster Gen 1 server security while maintaining that its Gen 2 servers and primary Oracle Cloud infrastructure remain secure.

Source: https://cybersecuritynews.com/oracle-acknowledges-data-breach/

TPRM report: https://scoringcyber.rankiteo.com/company/oracle

"id": "ora956040325",
"linkid": "oracle",
"type": "Breach",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'industry': 'Technology',
                        'name': 'Oracle Corporation',
                        'type': 'Corporation'}],
 'attack_vector': '2020 Java Exploit',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['JKS files', 'JPS keys'],
                 'number_of_records_exposed': '6 million',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['usernames',
                                              'email addresses',
                                              'hashed passwords',
                                              'SSO credentials',
                                              'LDAP credentials',
                                              'JKS files',
                                              'Enterprise Manager JPS keys']},
 'description': 'Oracle Corporation endured a data breach affecting its Gen 1 '
                'servers, with no complete PII exposure but involving 6 '
                'million data records including usernames, email addresses, '
                'and hashed passwords. Sensitive credentials related to SSO '
                'and LDAP were also compromised. The breach, attributed to the '
                "threat actor 'rose87168' via a 2020 Java exploit, resulted in "
                'the theft of JKS files and Enterprise Manager JPS keys from '
                'legacy systems approximately 16 months old. Oracle has '
                'informed clients and taken steps to bolster Gen 1 server '
                'security while maintaining that its Gen 2 servers and primary '
                'Oracle Cloud infrastructure remain secure.',
 'impact': {'data_compromised': ['usernames',
                                 'email addresses',
                                 'hashed passwords',
                                 'SSO credentials',
                                 'LDAP credentials',
                                 'JKS files',
                                 'Enterprise Manager JPS keys'],
            'systems_affected': ['Gen 1 servers', 'legacy systems']},
 'response': {'remediation_measures': ['Informed clients',
                                       'Bolstered Gen 1 server security']},
 'threat_actor': 'rose87168',
 'title': 'Oracle Corporation Gen 1 Servers Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Java Vulnerability'}