
Oracle’s breach denial contradicted by CloudSEK


Hackread reports that cybersecurity firm CloudSEK has contested Oracle's categorical rejection of an alleged breach of its Oracle Cloud single sign-on endpoint that purportedly resulted in the compromise of six million records.

Despite assertions that Oracle has not been impacted by the breach, threat actor "rose87168" was discovered by CloudSEK researchers to have targeted Oracle's production SSO endpoint "login.us2.oraclecloud.com," which was later leveraged to pilfer over 140,000 tenants' records. The domain was also used for API request authentication, according to CloudSEK, which also validated the stolen customer domain names that rose87168 posted as samples.

Oracle's immediate repudiation of the breach claims has already been questioned by cybersecurity experts, including Deepwatch Chief Information Security Officer Chad Cragle and Fenix co-founder and CISO Heath Renfrow. "Dismissing the incident without addressing this key detail raises more questions than answers. If Oracle wants to maintain credibility, the company must clarify how the file ended up there, whether any security gaps were exploited, and why the subdomain was taken down," said Cragle.
