Home / Companies / SSOJet / Blog / Post Details
Content Deep Dive

Oracle Cloud Breach: 6M Records Exposed, 140K Tenants at Risk

Blog post from SSOJet

Post Details
Company
Date Published
Author
Gopal Gehlot
Word Count
516
Company Posts That Month
87
Language
English
Hacker News Points
-
Summary

A user on Breach Forums, known as "rose87168," claims to have stolen six million records from Oracle Cloud's SSO and LDAP services, impacting over 140,000 organizations, and is offering the data for sale. The breach reportedly involves encrypted passwords and key files, allegedly obtained by exploiting a vulnerability in Oracle Fusion Middleware, specifically CVE-2021-35587, although Oracle denies any data breach. CloudSEK's analysis supports the possibility of a breach, noting the compromise of a production SSO endpoint and suggesting organizations reset Oracle LDAP and SSO passwords, update authentication methods, and implement enhanced security protocols. This alleged breach underscores potential risks such as data exposure, credential compromise, and extortion, raising significant concerns about Oracle Cloud's security and the possibility of future attacks.

Trends Found in this Post

No tracked trend matches for this post yet.