Dark Web monitoring
Gain Comprehensive Visibility Into Your Organization's Exposure On The Dark Web.
Breaches monitoring
Stay Ahead Of The Curve With Our Continuous Monitoring Service For Latest Breach Services.
Attack surface mapping
Our Attack Surface Mapping Service Offers A Full Overview Of Your Exposed Assets.
Check If Your Organization Was Mentioned in the Alleged Oracle Cloud Breach
Find out if your company was identified in the dataset linked to a recent alleged breach of Oracle Cloud's SSO infrastructure.
In mid-March 2025, a threat actor publicly claimed to have breached Oracle Cloud's federated Single Sign-On (SSO) login servers, alleging access to over 6 million data records. The stolen data is reportedly being sold on BreachForums, one of the most active underground cybercrime marketplaces.
According to the hacker's statements, the compromised data includes:
- Encrypted SSO credentials
- Java Keystore (JKS) files
- Key files
- Oracle Enterprise Manager JPS keys
To demonstrate the breach, the attacker uploaded a .txt file containing their ProtonMail address directly to Oracle Cloud infrastructure. They also claimed to have exploited a publicly known vulnerability in Oracle Cloud around 40 days before disclosure, and that Oracle refused to pay a 100,000 XMR ransom for full technical details.
Oracle has officially denied the breach, and at this time, no independent verification has confirmed the legitimacy of the threat actor's claims. The situation is still unfolding, and investigations are ongoing.
Disclaimer
This incident is alleged and awaiting Oracle's official confirmation or refutation. The information provided here is based on ongoing threat intelligence monitoring, and should be treated accordingly.
Every Businesses with online exposure is a target for cybercriminals.
Get an instant free darkweb report for your organization status!
