Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service

Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being transparent and open. The moment where this is tested at Oracle has arrived, as they have a serious cybersecurity incident playing out in a service they manage for customers.

Back on March 21st, Bleeping Computer ran a story around a threat actor named rose87168 claiming to have breached some Oracle services inside *.oraclecloud.com

Oracle told Bleeping Computer, and customers, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data”

The threat actor then posted an archive.org URL and provided it to Bleeping Computer, strongly suggesting they had write access to login.us2.oraclecloud.com, a service using Oracle Access Manager. This server is entirely managed by Oracle:

https://cyberplace.social/@GossiTheDog/114202395143978043

Oracle have since requested Archive.org take down the proof:

The threat actor then provided a several hour long recording of an internal Oracle meeting, complete with Oracle employees talking for two hours:

The meeting is viewable here and the transcript is here:

https://github.com/j-klawson/oracle_breach_2025/blob/main/youtube_video_transcript.txt

The two hour video includes things like accessing internal Oracle password vaults, and customer facing systems:

This article has been indexed from DoublePulsar – Medium

Read the original article:

Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service