Oracle was reported by Bloomberg to have admitted the theft of some customers' old credentials as a result of the compromise of an environment deprecated eight years ago following prior categorical denial of any breach after threat actor "rose87168" recently claimed stealing six million data records from Oracle Cloud's federated single sign-on servers, according to BleepingComputer.
Even though Oracle emphasized that no recent or sensitive details were affected by the incident which is already being probed by the FBI and CrowdStrike information exposed by rose87168 included text files and LDAP data from 2024 and 2025. Moreover, Oracle Cloud Classic, or Gen 1, servers were confirmed by the firm to have been targeted with attacks leveraging a 2020 Java exploit since January, which resulted in the exfiltration of Oracle Identity Manager database information, an investigation from CybelAngel revealed. Such a development comes after Oracle Health was reported to have its legacy data migration servers compromised in February, resulting in a data breach affecting various healthcare providers across the U.S.
