A hacker named ‘rose87168’ claims to have breached Oracle Cloud, stealing data from over 140,000 tenants, including sensitive credentials. While Oracle denies any breach, cybersecurity firms like Hudson Rock, CloudSEK, and Kela have confirmed the authenticity of the leaked data, suggesting compromised production environments. Evidence points to a potential vulnerability exploitation, possibly involving CVE-2021-35587 in Oracle Fusion Middleware. Victims include private companies and government entities across 90 countries. Despite Oracle’s denial, investigations are ongoing.

‍