TZUTC: -0500   
   MSGID: 644.consprcy@1:2320/105 2c47ea90   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Oracle denies data breach after hacker claims to hold six million records   
      
   Date:   
   Mon, 24 Mar 2025 13:02:00 +0000   
      
   Description:   
   Hacker claims they were able to upload a .txt file with their email address    
   to Oracle servers.   
      
   FULL STORY   
      
   Oracle has denied suffering a cyberattack and a data breach, following claims   
   from a hacker to have stolen millions of records from company servers.    
      
   In mid-March 2025, a threat actor with the alias rose87168 released 6 million   
   data records, claiming they were seized from Oracles Cloud federated SSO    
   login servers. The archive posted on the dark web included a sample database,   
   LDAP information, and a list of companies.    
      
   Perhaps unsurprisingly, Oracle was having none of it, issuing a statement   
   declaring, "There has been no breach of Oracle Cloud. The published   
   credentials are not for the Oracle Cloud. No Oracle Cloud customers   
   experienced a breach or lost any data."   
      
   Encrypted SSO passwords    
      
   In the meantime, rose87168 took the archive for sale, in exchange for either   
   an undisclosed sum of money, or zero-day exploits.    
      
   The threat actor claims the data includes encrypted SSO passwords , Java   
   keystore (JKS) files, key files, enterprise manager JPS keys, and more.    
      
   "The SSO passwords are encrypted, they can be decrypted with the available   
   files. also LDAP hashed password can be cracked," rose87168 said.    
      
   "I'll list the domains of all the companies in this leak. Companies can pay a   
   specific amount to remove their employees' information from the list before   
   it's sold."    
      
   Before listing the stolen archive for sale, the threat actor apparently asked   
   Oracle for 100,000 XMR (the Monero cryptocurrency), but the company also   
   demanded all information needed for fix and patch, and since rose87168 did    
   not provide, the negotiations broke down..    
      
   To prove the stolen files were legitimate, the threat actor gave   
   BleepingComputer a URL for Internet Archive, which shows that they uploaded a   
   .txt file containing their email address to login.us2.oraclecloud.com server.    
      
   The publication reached out to Oracle for an explanation - we have also   
   contacted the company for comment.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/oracle-denies-data-breach-after-hacker-   
   claims-to-hold-six-million-records   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426