Oracle is facing serious allegations of a data breach on its Oracle Cloud federated SSO login servers, although it firmly denies the incident. According to BleepingComputer's investigation, multiple companies confirmed the authenticity of data samples shared by an alleged hacker.

The situation came to light last week when an individual claimed to have breached Oracle Cloud servers and began selling alleged authentication data and encrypted passwords from 6 million users. The attacker also claimed that the stolen SSO and LDAP passwords could be decrypted using information found in the stolen files.

Despite Oracle's categorical denial of any breach of its systems, BleepingComputer received additional samples of the leaked data and contacted the associated companies. Representatives from those companies, speaking on condition of anonymity, confirmed the authenticity of the information, including LDAP display names, email addresses, and other identifying data.

The case takes on additional significance with the discovery that the server "login.us2.oraclecloud.com" was running Oracle Fusion Middleware 11g until February 17, 2025 — a version affected by a known vulnerability (CVE-2021-35587) that allowed unauthenticated attackers to compromise Oracle Access Manager. Oracle has since taken the server offline but has not responded to multiple requests for clarification from BleepingComputer.

Source: BleepingComputer

This post was translated and summarized from its original version using ChatGPT version 4o, with human review.