March 25, 2025 Oracle is denying claims that its cloud systems were breached after a hacker alleged they had stolen six million user records. The hacker, using the alias “rose87168,” posted on dark web forums claiming they had accessed encrypted passwords, Single Sign-On (SSO) credentials, Java keystore files, and other sensitive configuration data from Oracle’s cloud login servers.
In a public statement, Oracle said, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
The hacker reportedly demanded 100,000 Monero (XMR)—a privacy-focused cryptocurrency known for being difficult to trace—in exchange for the data and instructions on how to fix the claimed vulnerability. After Oracle did not respond, the data was offered for sale. The hacker also invited companies to pay to have their employee records removed from the dataset before it was sold.
The authenticity of the stolen data has not been independently verified. Oracle continues to insist that its systems remain secure and that no customer data has been compromised.
However, Bleeping Computer, which first reported the story, was given a link showing a .txt file uploaded to what appears to be Oracle’s cloud servers. The outlet has asked Oracle to explain how the file was placed there without having access to the server. As of the time of publication, Oracle had not responded.
Link to the .txt file https://web.archive.org/web/20250301161517/http:/login.us2.oraclecloud.com/oamfed/x.txt?x
