Cybersecurity News in Asia

Cloud data breach claims spark debate amid denial and contradictory evidence

By CybersecAsia editors | Tuesday, March 25, 2025, 9:15 AM Asia/Singapore

A hacker claims to have stolen 6m data records, but despite the evidence, the alleged victim organization has denied the breach

A controversy has recently emerged over a potential major data breach at cloud service provider, with security researchers and the former CSP offering contradictory narratives about what occurred.

Apparently, on 21 March 2025, a hacker using the name “rose87168” had publicly claimed to have stolen 6m records from Oracle Cloud, allegedly exposing sensitive data from approximately 140,000 tenants.

The hacker had claimed that the firm’s servers in both Amsterdam and Chicago had been compromised, resulting in the breach of Java Key Store files, encrypted passwords, and Enterprise Manager JPS keys.

When questioned by media outlets, Oracle had categorically denied the allegations, stating: “The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data”. This firm denial comes despite reports that Oracle has requested password resets from some customers.

Possible evidence and implications

A cybersecurity firm that appears to have been the first to verify the hacker’s claim, CloudSEK, has verified that their threat intelligence team had uncovered “conclusive evidence validating the threat actor’s claims — including production-level exposure of Oracle Cloud SSO endpoints and real customer data in the leaked samples.”

Investigation have determined that:

the domain login.us2.oraclecloud.com was actually compromised
the potential customer impact was “profound”
the breach in question had reportedly exploited CVE-2021-35587, a critical vulnerability in Oracle Access Manager within Oracle Fusion Middleware, which may have gone unpatched on the US2 server in Chicago. The method used to access the EM2 server in Amsterdam remains unclear.
the hacker had allegedly approached the cloud service provider a month prior, demanding over US$200m in cryptocurrency for the stolen data. Oracle had allegedly refused to pay, given that it is illegal in the United States to pay cyber ransoms.
the hacker “rose87168” has shared additional evidence with a media firm, suggesting the infiltration had occurred approximately 40 days before public disclosure.

Regardless of whether the breach had occurred as claimed by the threat actor, numerous security experts have recommended organizations using the cloud service provider to reset the necessary login credentials, verify their systems for compromise indicators, and implement credential rotations as a precautionary measure.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
Mitigating Ransomware Risks with GRC Automation
In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

HOSTWAY gains 73% operational efficiency for private cloud operations
With NetApp storage solutions, the Korean managed cloud service provider offers a lean, intelligent architecture, …Read more
CISOs can navigate emerging risks from autonomous AI with a new security framework
See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
MoneyMe strengthens fraud prevention and credit decisioning
Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
PT Kereta Api Indonesia announces nationwide email and communication overhaul
The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more

Featured

Psst… know anyone interested in selling his/her identity?

Featured

When failure is not an option

Featured