Oracle has denied that it has suffered a data breach. A hacker, using the name “rose87168,” has claimed responsibility for what is being called the largest supply chain cyberattack of 2025, allegedly exfiltrating 6 million records from Oracle Cloud, according to a Bengaluru-based cybersecurity and threat intelligence company, CloudSEK.
The information was allegedly stolen by exploiting a vulnerability in a single sign-on login server of Oracle. The hacker claims the breach exposed Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) credentials, affecting over 140,000 Oracle Cloud tenants.
Despite these claims, Oracle has stoutly denied any breach of its cloud infrastructure. The company states that its customers have not been affected by a data breach or data loss. In an official statement to BleepingComputer, the company asserted: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” Oracle stated in response to the reports,” Oracle Cloud said.
Despite Oracle’s denial, cybersecurity experts advise businesses using Oracle services to implement preventive measures to safeguard their sensitive data. Some external cybersecurity experts seem to suspect that the attack did indeed take place.
For example, CloudSEK suspects that an Oracle login server was not up to date and therefore vulnerable to CVE-2021-35587, which is a critical vulnerability in Oracle Access Manager of Oracle Fusion Middleware.
The attacker also appears to have created a file on an Oracle Cloud login server to prove the authenticity of the attack. This txt file, which can be found via the Internet Archive’s Wayback Machine , contains the email address of rose87168.
Rose87168 offers the alleged stolen data for sale on the forum. The miscreant has also asked other cybercriminals for help in decrypting encrypted credentials, in exchange for a share of the data.
