Another Oracle Data Breach? Hacker Selling Stolen Login Credentials


Oracle has informed its customers about a second cybersecurity breach within a month, in which an attacker accessed an old system and stole client login credentials. This latest incident was first reported by Bloomberg, citing sources familiar with the matter. Here’s everything you need to know.

Hacker Claims to Sell Stolen Oracle Data Online 

According to the report, an unidentified hacker attempted to sell stolen data from Oracle’s cloud servers last month. The breach is said to involve login credentials, including some from as recent as 2024, raising concerns over potential security risks. However, Oracle has told affected customers that the compromised system has not been in use for eight years and that the stolen credentials pose minimal risk. 

Investigation Underway with FBI and CrowdStrike 

Oracle has involved the Federal Bureau of Investigation (FBI) and cybersecurity firm CrowdStrike Holdings in the investigation. The hacker allegedly sought an extortion payment from the company, though details on Oracle’s response to this demand remain unclear. 

Unfortunately, this is the second security breach that the company has disclosed in recent weeks. Last month, Oracle warned some healthcare clients about a separate hacking incident, though the latest breach is reportedly unrelated to the prior incident. 

Potential Risks and Another Data Breach

Oracle has downplayed the immediate risks associated with the stolen credentials. However, given the size of Oracle’s enterprise cloud computing and database management operations, compromised login data, even from older systems, can still be leveraged for phishing attacks or identity fraud if users have reused passwords elsewhere.

On a similar note, cybersecurity firm CloudSEK recently uncovered evidence of a separate Oracle Cloud data exposure. The firm reported that a threat actor, identified as “rose87168,” is selling 6 million allegedly exfiltrated records from Oracle Cloud’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems. The breach reportedly affects more than 140,000 tenants across multiple industries. While Oracle has denied any breach, CloudSEK’s investigation suggests otherwise, presenting findings that challenge the company’s stance.

This incident raises further concerns about security vulnerabilities within Oracle’s authentication systems. What Oracle does next to address these security concerns remains to be seen.
