Security Flaw in Oracle Cloud Exposes Sensitive Data of 140,000 Tenants

On March 21, 2025, cybersecurity firm CloudSEK reported a significant breach of Oracle Cloud’s infrastructure. A threat actor, identified as “rose87168,” allegedly exploited an undisclosed vulnerability in Oracle’s login system to access and exfiltrate approximately 6 million records. These records, affecting over 140,000 tenants, included sensitive authentication data such as Java KeyStore (JKS) files, encrypted Single Sign-On (SSO) passwords, key files, and Enterprise Manager Java Platform Security (JPS) keys.
The attacker reportedly targeted the login endpoint “login.(region-name).oraclecloud.com,” which was still operational as of February 17, 2025, despite running outdated software components. This suggests that the vulnerability may have arisen from unpatched or deprecated systems within Oracle’s infrastructure.
In response to these allegations, Oracle has denied any breach, stating, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

To mitigate the risk of such breaches, organizations utilizing cloud services should:

Regularly Update and Patch Systems: Ensure that all software components, especially those related to authentication and access control, are up-to-date to address known vulnerabilities.

Implement Strong Access Controls: Enforce strict access policies, including multi-factor authentication (MFA), to limit unauthorized access to sensitive systems and data.

Conduct Regular Security Audits: Perform comprehensive security assessments to identify and remediate potential vulnerabilities within both internal systems and those provided by third-party vendors.

Monitor for Unusual Activities: Utilize security monitoring tools to detect and respond to anomalous activities that may indicate attempted breaches or unauthorized access.

Engage with Reputable Security Vendors: Collaborate with cybersecurity firms to gain insights into emerging threats and receive guidance on best practices for securing cloud environments.
