A hacker claims to have broken into Oracle and stolen millions of data records, including customer security keys. Oracle denies the hack.
Oracle has been put in a difficult position after a hacker claims to have broken into regional cloud servers. The hacker, operating under the name rose87168, claims Oracle’s scalp on a hacker forum. The intrusion allegedly resulted in the theft of six million data records, including encrypted SSO passwords, Java Keystore files, and JPS keys.
According to Oracle, there’s nothing to worry about. “The published data does not come from Oracle Cloud. No breaches or data leaks have occurred with customers,” Oracle clarifies in a statement to The Register and Bleeping Computer.
Six Million Data Records
The hacker claims to have gained access to regional SSO login servers forty days ago. To prove their claim, the perpetrator sent a Wayback Machine link to Bleeping Computer that captures the moment he or she logs into Oracle’s US2 server. They allegedly also logged into an EM2 server.
The allegedly stolen data is for sale on the dark web forum BreachForums. Certain data such as SSO passwords and hashed LDAP passwords are additionally encrypted. In exchange for help in cracking that encryption, the hacker promises to give away the data for free.
The hacker further threatens to make public the list of Oracle customers whose data was allegedly stolen. This serves as leverage to pressure those involved companies to pay to keep their names from being disclosed. The perpetrator(s) also reportedly asked Oracle for a sum to share information about the exploited vulnerability, but Oracle did not respond to this.