{"id":1594,"date":"2025-04-01T11:00:44","date_gmt":"2025-04-01T11:00:44","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1594"},"modified":"2025-04-01T11:00:44","modified_gmt":"2025-04-01T11:00:44","slug":"hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/","title":{"rendered":"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data"},"content":{"rendered":"<p>The threat actor that claimed responsibility for an alleged data breach at Oracle Cloud is threatening to release or sell the data, according to security researchers.<\/p>\n<p>The threat actor, identified as Rose87168, posted a threat Sunday to leak stolen data and claimed Oracle is not cooperating with the hacker\u2019s demands, according to a LinkedIn post by Alon Gal, co-founder and CTO at Hudson Rock.<\/p>\n<p>The threat actor previously took credit for the Oracle Cloud incident, claiming to have access to 6 million data records, affecting more than 140,000 tenants.<\/p>\n<p>After initially denying that a breach took place, Oracle has largely remained silent about the breach and declined to answer numerous requests to comment on the incident. Meanwhile, security researchers have revealed increasing evidence backing up claims of the data breach.<\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/researchers-oracle-cloud-breach\/743447\/\">Security researchers from CloudSEK<\/a>\u00a0published evidence last week that supported the threat actor\u2019s claims of a breach. Researchers said they believed the hacker exploited a zero-day vulnerability or a misconfiguration in the OAuth2 authentication process.<\/p>\n<p>The alleged breach was linked to a critical vulnerability, listed as\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-35587\">CVE-2021-35587<\/a>, a vulnerability in Oracle Access Manager product of Oracle Fusion Middleware. The vulnerability, which has a CVSS score of 9.8, allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.<\/p>\n<p>The stolen data includes single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys and tenant data, according to CloudSEK.<\/p>\n<p>CloudSEK researchers have been analyzing a sample provided by the hacker.<\/p>\n<p>Researchers from Trustwave SpiderLabs\u00a0<a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/trustwave-spiderlabs-threat-review-alleged-oracle-compromise\/\">released a blog post last week<\/a>\u00a0confirming the hacker is threatening to sell stolen data and offering multiple purchase options, based on company name, hashed credentials and other criteria.<\/p>\n<p>\u201cBased on our research and analysis, and that of other researchers, we feel that it is likely that this is a legitimate breach,\u201d researchers from Trustwave told Cybersecurity Dive via email.<\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/743981\/\">Read the Full Story Here<\/a><\/p>\n<p>Source: Cybersecurity Dive<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat actor that claimed responsibility for an alleged data breach at Oracle Cloud is threatening to release or sell the data, according to security researchers. The threat actor, identified as Rose87168, posted a threat Sunday to leak stolen data and claimed Oracle is not cooperating with the hacker\u2019s demands, according to a LinkedIn post [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1595,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hacker linked to Oracle Cloud intrusion threatens to sell stolen data - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data - Community\" \/>\n<meta property=\"og:description\" content=\"The threat actor that claimed responsibility for an alleged data breach at Oracle Cloud is threatening to release or sell the data, according to security researchers. The threat actor, identified as Rose87168, posted a threat Sunday to leak stolen data and claimed Oracle is not cooperating with the hacker\u2019s demands, according to a LinkedIn post [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-01T11:00:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/\",\"name\":\"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg\",\"datePublished\":\"2025-04-01T11:00:44+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg\",\"width\":1280,\"height\":853},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/","og_locale":"en_US","og_type":"article","og_title":"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data - Community","og_description":"The threat actor that claimed responsibility for an alleged data breach at Oracle Cloud is threatening to release or sell the data, according to security researchers. The threat actor, identified as Rose87168, posted a threat Sunday to leak stolen data and claimed Oracle is not cooperating with the hacker\u2019s demands, according to a LinkedIn post [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-04-01T11:00:44+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/","name":"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg","datePublished":"2025-04-01T11:00:44+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/04\/hackers.jpg","width":1280,"height":853},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/hacker-linked-to-oracle-cloud-intrusion-threatens-to-sell-stolen-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"Hacker linked to Oracle Cloud intrusion threatens to sell stolen data"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1594"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1594\/revisions"}],"predecessor-version":[{"id":1596,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1594\/revisions\/1596"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1595"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}