icon
icon
icon
icon
🏷️$300 Off
🏷️$300 Off

News /

Articles /

Oracle Faces Stock Plunge Following Data Breach Revelations

Mover TrackerThursday, Apr 10, 2025 7:21 pm ET
2min read

Oracle recently experienced a notable setback with its shares dropping by 4.54% on April 10. The downturn occurred in the wake of revelations regarding a data breach involving two outdated servers. Reports by BleepingComputer on April 9 indicated that oracle had informed its customers via email about the incident, acknowledging the theft and subsequent leak of credentials by hackers.

According to the reports, a hacker named "rose87168" claimed to have compromised Oracle Cloud servers, offering for sale six million login credentials and encrypted passwords. They released a text file containing a list of domains from databases, LDAP data, and 140,000 entities from corporate and government institutions. The authenticity of the leaked samples was confirmed by several clients, showing valid data such as LDAP display names and email addresses.

CybelAngel's disclosures suggested that attackers had deployed web shells and malware on Oracle Cloud Classic servers back in January 2025, leading to the unauthorized extraction of user information from the Oracle Identity Manager database. Despite these findings, Oracle initially maintained that Oracle Cloud itself had not been compromised. However, the latest communication to customers confirmed a successful breach involving two legacy servers hosting some credentials. Oracle emphasized that these servers were unrelated to Oracle Cloud Infrastructure (OCI), and no sensitive customer data was affected.

The company's email stated explicitly, "No security breach occurred in Oracle Cloud, and the OCI client environment remained secure with no data viewed, stolen, or service disruptions." They asserted that usernames disclosed by the hackers originated from non-OCI systems and, being encrypted or hashed, could not be used directly.

The incident has led Oracle to initiate notification procedures for impacted customers while attempting to mitigate the perceived repercussions. The hacker had initially attempted to extort Oracle for $20 million but shifted strategies to selling the data or exchanging it for zero-day exploits. This situation has heightened concerns about the security integrity of Oracle's cloud infrastructure and the potential risks faced by affected clients.

In response to the breach claim, Oracle refuted the hacker's allegations, reiterating that Oracle Cloud had not been infiltrated and assuring that client data remained uncompromised. Despite Oracle's stance, reports from BleepingComputer and cybersecurity firms like Cloudsek have validated the leaked data's veracity. Furthermore, vulnerabilities in Oracle Fusion Middleware hosted on attacked servers have been highlighted, prompting Oracle to take them offline.

Oracle is engaged in notifying its customers discreetly, relaying the potential exposure of usernames, security keys, and encrypted passwords. Both the FBI and CrowdStrike are actively investigating the breach. Experts like Kevin Beaumont have criticized Oracle's handling of the incident, urging transparency and accountability to prevent eroded trust among clients.

Overall, the data breach poses significant challenges for Oracle, questioning its security practices, with potential consequences on customer confidence and market performance. As investigations continue, the tech giant faces mounting pressure to uphold its credibility amid industry scrutiny.

Comments

Add a public comment...
Post
Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.
You Can Understand News Better with AI.
Whats the News impact on stock market?
Its impact is
fork
logo
AInvest
Aime Coplilot
Invest Smarter With AI Power.
Open App