Well….this won’t help layoffs…
https://cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants
3 replies (most recent on top)
They took that blog post down, it's archived here though:
https://archive.is/pxdJR
The WayBack Machine has it archived here as well:
https://web.archive.org/web/20250323021056/https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants
Article summary:
- Massive Oracle Cloud breach exposed 6M records, including sensitive SSO & LDAP data, affecting over 140,000 tenants.
- Threat actor "rose87168" exploited a likely zero-day vulnerability in Oracle’s login endpoint, offering data for sale & demanding ransom.
- Stolen data includes encrypted passwords, JKS files, & key credentials, potentially enabling wider enterprise attacks.
- The exploited flaw, CVE-2021-35587, affects Oracle Access Manager & allows unauthenticated system takeover.
- CloudSEK rates the threat as highly severe, noting the actor’s sophistication despite being new to forums.
- Mitigation includes immediate password resets, credential rotation, monitoring, & contacting Oracle for incident response.
I thought Oracle Cloud was invulnerable. Heard Larry say so in a speech at the old HQ in 2018 or 2019. AI ya know.
Oracle $ucks