from Hacker News

Oracle customers confirm data stolen in alleged cloud breach is valid

by el_duderino on 3/26/25, 8:31 PM with 82 comments

  • by ziddoap on 3/26/25, 9:40 PM

    >BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

    >In addition to the data, rose87168 shared an Archive.org URL with BleepingComputer for a text file hosted on the "login.us2.oraclecloud.com" server that contained their email address. This file indicates that the threat actor could create files on Oracle's server, indicating an actual breach.

    Oracle probably should have just admitted the validity up front.

    It's not like there are any real penalties to a breach. Lying about it is probably a worse PR hit than the breach itself.

  • by 2thumbsup on 3/26/25, 9:25 PM

    Alone the fact that Oracle was hosting their login gateway on a product with a known vulnerability from 2021 with a CVSS score of 9.8 is quite disturbing.

  • by xyst on 3/26/25, 10:54 PM

    > In this email exchange, the threat actor says someone from Oracle using a @proton.me email address told them that "We received your emails. Let’s use this email for all communications from now on. Let me know when you get this."

    E-mails are one of the sources at most public companies that are required to retain for a period of time (7 yrs?). Probably trying to avoid a paper trail?

    Data breaches, unfortunately, have no impact to stock. Companies that use Oracle products are unlikely to migrate any time soon.

    _future_ sales may be impacted and maybe some smaller players can migrate off. But Oracle will downplay it as much as possible.

    “Deny. Delay. Defend.” Is not just a health insurance slogan.

  • by 6stringmerc on 3/26/25, 11:25 PM

    Okay having worked at a top 3 insurance broker about 10 years ago when “Cyber” policies were being rolled out (h/t Beasley)…I wonder who underwrote Oracle’s policy and how much it was in that tower? No policy? Hope the D&O can cover the shareholder lawsuits! Wait, something something cozy with administration in power, rules subject to interpretation, etc.

    Then again, Tyler Technologies blamed Judyrecords.com for their exposing reams of sealed cases in California because of their flawed obfuscation system and claimed it was a security breach (somehow skated on accountability there).

    Rule #1 of a breach is never write the word breach in an email, hence the discussion off their dot com I figure…

  • by az226 on 3/26/25, 9:38 PM

    Classic, Oracle denying breach despite clear evidence.

  • by thedougd on 3/27/25, 1:00 AM

    If you ran Oracle you’d appreciate why it wasn’t patched. They do not make it easy.

  • by medhir on 3/27/25, 3:21 AM

    genuinely curious what kind of demographic is leveraging Oracle for cloud products — all I’ve heard about them suggests long-term pain.

    this incident certainly doesn’t help inspire confidence in their offerings.

  • by sexy_seedbox on 3/27/25, 12:13 PM

    What about Oracle Opera Cloud and Oracle NetSuite Cloud customer data—have they been stolen as well? Many many hotels around the world use Opera + NetSuite.

  • by KaiserPro on 3/27/25, 9:44 AM

    How long has oracle been denying it? three days?

  • by justanother1 on 3/27/25, 4:49 AM

    Larry and Trump are in bed. Oracle will(should) fire their OCI and SaaS CISOs