Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials

Oracle Corp. has privately confirmed to customers that a threat actor breached a computer system and exfiltrated old client login credentials.
This acknowledgment comes after weeks of public denials and represents the second cybersecurity incident the company has disclosed to clients in recent months.
Oracle staff informed select clients this week that attackers compromised a “legacy environment,” gaining unauthorized access to authentication data, including usernames, passkeys, and encrypted passwords, according to Bloomberg reports.
The FBI and cybersecurity firm CrowdStrike have been called in to investigate the incident.
Breach Details and Extortion
This marks a significant reversal from Oracle’s previous public statements categorically denying any breach.
When reports first emerged in March of a threat actor attempting to sell 6 million data records allegedly stolen from Oracle Cloud infrastructure, the company insisted: “There has been no breach of Oracle Cloud.
The published credentials are not for Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
Security researchers have criticized Oracle’s response, suggesting the company is engaging in “wordplay” by rebranding the compromised systems as “Oracle Classic” to maintain their claim that “Oracle Cloud” wasn’t breached.
“Oracle rebadged old Oracle Cloud services to be Oracle Classic. Oracle Classic has the security incident,” noted cybersecurity expert Kevin Beaumont.
“Oracle is denying it on ‘Oracle Cloud’ by using this scope — but it’s still Oracle cloud services that Oracle manage.”
While Oracle is attempting to downplay the severity by claiming the compromised system hasn’t been used in eight years, sources contradicted this assertion, revealing that stolen data included credentials from as recently as 2024.
The threat actor, using the moniker ‘rose87168’, initially demanded a $20 million extortion payment before offering to sell the data on hacking forums.
After gaining initial access, the attacker reportedly deployed a webshell and malware specifically targeting Oracle’s Identity Manager (IDM) database as early as January 2025.
This incident is separate from another breach Oracle disclosed to healthcare customers last month.
In that attack, hackers infiltrated legacy Cerner data migration servers after January 22, 2025, using compromised customer credentials to steal patient information from multiple U.S. healthcare organizations.
The company’s handling of these security incidents has already sparked legal consequences.
A class action lawsuit filed in the U.S. District Court for the Western District of Texas accuses Oracle of failing to secure private information and concealing the breach from affected users beyond the required 60-day notification window.
Security experts warn that these breaches fundamentally undermine cloud security assumptions. “Cloud customers were engaged on a bedrock security promise: tenant isolation and segregation contain breaches,” said Sunil Varkey, advisor at Beagle Security.
“However, a single hack reportedly exposed 6 million records across 140,000 tenants… shattering that illusion.”
As investigations continue, Oracle has yet to make a public statement acknowledging either breach. It is maintaining its pattern of private disclosures to affected customers while publicly remaining silent on the incidents.
The post Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials appeared first on Cyber Security News.