Oracle Confirms Second Hacking Attack in a Month
Last updated: April 17, 2025
Oracle, the world’s largest database management company, has confirmed a breach of its systems and exposure of old login credentials, as reported by Bloomberg. This is the second, seemingly unconnected, confirmed breach into the company’s records in less than a month.
On March 20, a hacker using the moniker “rose87168” published an offer on the popular hacking platform BreachForums to sell data linked to over 140,000 Oracle Cloud users.
According to an independent investigation by cybersecurity company CybelAngel, the exposed data includes email addresses, usernames, and passwords. Oracle claims that the dataset does not contain full Personally Identifiable Information (PII).
The hacker initially demanded $20 million in ransom from Oracle but later offered the data to forum users or sought to trade it for zero-day exploits.
In a statement to customers, Oracle initially denied the breach: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
However, after the hacker published further information, samples, and other proof that backed up their claims, Oracle revised its stance.
In early April, the company began notifying clients that an attacker had breached a “legacy environment,” but added that the system hadn’t been in use for eight years. Oracle emphasized that the stolen credentials didn’t signify a major risk.
Speaking to Bloomberg, an anonymous source said that some of the login data dated back to 2024.
Posts by the hacker suggest they accessed even more recent information, possibly from 2025.
All communications between Oracle and affected customers have been entirely verbal, with no written records available. Oracle also claims that both the FBI and CrowdStrike Holdings, an independent cybersecurity firm, are looking into the breach.
This confirmation comes about a week after reports of another, reportedly unrelated, breach into the company’s healthcare branch, Oracle Health. The earlier hack affected multiple healthcare organizations across the US and exposed sensitive patient data.
Healthcare systems are an attractive target for ransomware attacks because of their patient’s vulnerable state and the quality of personal information. Earlier this year, the private rehabilitation clinic American Addiction Centers began notifying over 420,000 patients of a hack that compromised their PII.
