Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being transparent and open. The moment where this is tested at Oracle has arrived, as they have a serious cybersecurity incident playing out in a service they manage for customers.
Back on March 21st, Bleeping Computer ran a story around a threat actor named rose87168 claiming to have breached some Oracle services inside *.oraclecloud.com
Oracle told Bleeping Computer, and customers, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data”
The threat actor then posted an archive.org URL and provided it to Bleeping Computer, strongly suggesting they had write access to login.us2.oraclecloud.com, a service using Oracle Access Manager. This server is entirely managed by Oracle:
Oracle have since requested Archive.org take down the proof:
The threat actor then provided a several hour long recording of an internal Oracle meeting, complete with Oracle employees talking for two hours:
The meeting is viewable here and the transcript is here:
https://github.com/j-klawson/oracle_breach_2025/blob/main/youtube_video_transcript.txt
The two hour video includes things like accessing internal Oracle password vaults, and customer facing systems:
This article has been indexed from DoublePulsar – Medium