A war of words has erupted between oracle and cybersecurity researchers following claims the company suffered a security breach. The biggest supply chain hack of 2025 6m records exfiltrated from oracle cloud affecting over 140k tenants cloudsek uncovers a major breach targeting oracle cloud, with 6 million records exfiltrated via a suspected undisclosed vulnerability Over 140,000 tenants are impacted, as the attacker demands ransom and markets sensitive data online Learn the full scope, risks, and how to respond A hacker sold a database of six million records, including security keys and credentials, allegedly stolen from oracle cloud services
Oracle denied the breach at first, but later admitted it and claimed the data was old and obsolete. Oracle cloud compromise traced to old vulnerability the data breach was uncovered by researchers with security firm cloudsek, who came across dark web listings on march 21 that advertised some six million records purportedly stolen from oracle cloud. A user on breachforums alleges that oracle suffered a data breach in september 2024, exposing 4,002 rows of employee information This expanded sample, due to its size and consistency with previous information and the expected structure of an oracle identity system (potentially oid/oud/idcs connected to a database), significantly increases the plausibility of the leak claim—despite oracle's official denial. Learn how to reset credentials, monitor for suspicious activity, and use the orca platform to secure your cloud environment. Despite oracle categorically denying that its cloud systems have been breached, sample data released by the hacker seems to prove otherwise.
In an initial denial, the us company denied a security incident.
OPEN
