Hacker alleges theft of 6 million records, but Oracle denies any security compromise.
A hacker known as “rose87168” has claimed responsibility for what is being called the largest supply chain cyberattack of 2025, allegedly exfiltrating 6 million records from Oracle Cloud. The cybercriminal claims the breach exposed Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) credentials, affecting over 140,000 Oracle Cloud tenants.
However, Oracle has strongly denied these allegations. In an official statement to BleepingComputer, the tech giant asserted: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
Despite Oracle’s denial, cybersecurity firm CloudSEK warns that a dataset containing Java KeyStore (JKS) files, encrypted SSO passwords, and Enterprise Manager JPS keys is being advertised for sale on dark web forums. If legitimate, such data could pose serious security risks for businesses relying on Oracle Cloud infrastructure.
Cybersecurity experts are divided, with some calling for independent verification of the claims before dismissing the threat outright. Others emphasize the importance of proactive security measures, urging Oracle Cloud customers to:
- Monitor access logs for unusual activity
- Reset passwords and rotate encryption keys
- Enable multi-factor authentication (MFA) as a precaution
While Oracle’s official stance remains that no breach has occurred, the incident underscores the growing risk of supply chain attacks and the importance of continuous monitoring in cloud security.
