Check If Your Organization Was Mentioned in the Alleged Oracle Cloud Breach

Find out if your company was identified in the dataset linked to a recent alleged breach of Oracle Cloud's SSO infrastructure.

In mid-March 2025, a threat actor publicly claimed to have breached Oracle Cloud's federated Single Sign-On (SSO) login servers, alleging access to over 6 million data records. The stolen data is reportedly being sold on BreachForums, one of the most active underground cybercrime marketplaces.

According to the hacker's statements, the compromised data includes:

  • Encrypted SSO credentials
  • Java Keystore (JKS) files
  • Key files
  • Oracle Enterprise Manager JPS keys

To demonstrate the breach, the attacker uploaded a .txt file containing their ProtonMail address directly to Oracle Cloud infrastructure. They also claimed to have exploited a publicly known vulnerability in Oracle Cloud around 40 days before disclosure, and that Oracle refused to pay a 100,000 XMR ransom for full technical details.

Oracle has officially denied the breach, and at this time, no independent verification has confirmed the legitimacy of the threat actor's claims. The situation is still unfolding, and investigations are ongoing.

Disclaimer

This incident is alleged and awaiting Oracle's official confirmation or refutation. The information provided here is based on ongoing threat intelligence monitoring, and should be treated accordingly.

Every business with online exposure is a target for cybercriminals.
Get an instant free dark web report on your organization's status!
