Islamabad, Apr 3, 2025: The National Computer Emergency Response Team (NCERT) has issued a warning to businesses regarding a potential security breach on Oracle Cloud. A hacker, identified by the alias “rose87168,” has allegedly released sensitive information, including a sample database, LDAP credentials, and a list of affected organizations, on dark web forums, according to the advisory.

The attacker claims to have breached Oracle Cloud servers 40 days ago and is now offering the stolen data for sale.

  • “Experts say that this data contains over six million records, including federated Single Sign-On (SSO) login details for Oracle Cloud users.”

  • “Security experts suspect that weaknesses in SSO authentication and LDAP misconfigurations caused the breach, potentially leading to unauthorized access and data theft in enterprise environments.”

  • “Attackers may exploit the stolen login credentials in credential stuffing attacks, allowing them to gain unauthorized access to multiple platforms.”

If confirmed, this breach could result in severe consequences, such as compromised cloud accounts, unauthorized data changes, and the potential deployment of harmful software like ransomware. Organizations using Oracle Cloud services must urgently take steps to mitigate these risks.

One of the most alarming consequences of this breach is the risk of data exfiltration, where confidential business and customer information could be copied and sold on illegal platforms.

Cybercriminals could also use the leaked credentials to manipulate cloud settings, install malware, and disrupt business operations.

There are concerns that encrypted SSO passwords may be vulnerable to brute-force decryption, raising further security alarms.

In addition, phishing attacks targeting users of affected organizations have been reported, taking advantage of the compromised credentials to extend access to corporate networks.

Although Oracle has denied any breach, the National CERT advises organizations to proactively enforce security measures to guard against possible exploitation.

Businesses using Oracle Cloud, particularly those with SSO authentication and federated login systems, should consider the possibility of exposure and take preventive actions.

The advisory recommends resetting all SSO credentials, enabling Multi-Factor Authentication (MFA), and monitoring authentication logs for any unusual activity.

It is also essential for organizations to review identity management settings and apply relevant security patches.

To enhance security, companies should carry out internal security audits, limit access to vital cloud resources, and set up real-time threat detection systems.

Experts suggest using advanced endpoint protection and implementing strict access control policies based on user roles and requirements.

Additionally, businesses should train employees to recognize phishing attacks and suspicious login attempts to reduce further exploitation risks.

The NCERT has called for all Oracle Cloud users to conduct immediate security assessments, underscoring the importance of proactive monitoring and quick responses to incidents.

The advisory emphasizes the need for forensic investigations, credential revocation, and bolstered security configurations to mitigate risks linked to the suspected breach.

Organizations must act swiftly to safeguard sensitive information and prevent future cybersecurity threats.
