Oracle Cloud is suspected to have suffered a significant cyberattack, leading to the theft of 6 million records. These records are reportedly being sold by a hacker. Oracle, however, has firmly denied any such breach.
What Happened: A hacker going by the pseudonym "rose87168" is purportedly selling 6 million records stolen from Oracle’s systems. This claim was initially brought to light by a cybersecurity firm, CloudSEK, based out of India’s Bengaluru. The firm also called it the ‘Biggest supply chain attack of 2025’
Oracle has staunchly refuted these allegations, and told the Bleeping Computer that none of its Cloud customers have been affected and that the leaked credentials do not pertain to Oracle Cloud.
Despite Oracle’s denial, cybersecurity experts advise businesses using Oracle services to implement preventive measures to safeguard their sensitive data. As per CloudSEK’s report, this could potentially be the largest supply chain hack of 2025, targeting Oracle Cloud and impacting more than 140,000 tenants across various sectors and regions.
The breach was reportedly linked to the login endpoint login.(region-name).oraclecloud.com, exposing a dataset that included Java KeyStore (JKS) files, encrypted SSO passwords, key files, and Enterprise Manager JPS keys.
Since January 2025, the hacker has been selling sensitive data, attempting to decrypt stolen credentials, and extorting companies for data deletion fees. As perCloudSEK, the hacker also created an X page to broaden their reach by following Oracle-related accounts and tracking their targets.
Why It Matters: The reported exposure of 6 million records presents major risks for organizations, including large-scale data breaches, corporate espionage and unauthorized access. Decrypted SSO and LDAP passwords could allow attackers to infiltrate Oracle Cloud environments and exploit supply chain vulnerabilities by targeting interconnected systems.
Businesses face high stakes as the hacker "rose87168" pressures over 140,000 tenants with extortion demands, using an X page to amplify threats and target Oracle-related accounts. This incident follows a trend of increased cyberattacks, such as the exploits by the Chinese hacker group, Salt Typhoon on Cisco CSCO.
Oracle holds a momentum rating of 65.86% and a growth rating of 62.87%, according to Benzinga’s Proprietary Edge Rankings. The Benzinga Growth metric evaluates a stock's historical earnings and revenue expansion across multiple timeframes, prioritizing both long-term trends and recent performance. For an in-depth report on more stocks and insights into growth opportunities, sign up for Benzinga Edge.
Image via Shutterstock
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
Edge Rankings
Price Trend
© 2025 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
