BleepingComputer reports that numerous organizations have corroborated data that threat actor "rose87168" claims is among the six million records stolen from Oracle Cloud federated single sign-on login servers. The validation follows Oracle's categorical denial of such a breach.
Under cover of anonymity, representatives from impacted organizations confirmed that all LDAP display names, given names, email addresses, and other information exposed by rose87168 were legitimate.
In addition to providing an email that warned Oracle's security team of the server compromise, the threat actor shared with BleepingComputer an email thread in which a supposed Oracle representative, writing from a ProtonMail address, asked that this address be used for communications about the incident.
This development comes after CloudSEK reported that Oracle had its "login.us2.oraclecloud.com" server targeted as part of the intrusion. Because the server operated on a vulnerable Oracle Fusion Middleware 11g instance, attackers infiltrated Oracle Access Manager and breached its servers. Oracle has yet to acknowledge such findings.
Customers Validate Exposed Oracle Data Amid Breach Denial
