Oracle Faces Stock Plunge Following Data Breach Revelations
Oracle recently experienced a notable setback with its shares dropping by 4.54% on April 10. The downturn occurred in the wake of revelations regarding a data breach involving two outdated servers. Reports by BleepingComputer on April 9 indicated that Oracle had informed its customers via email about the incident, acknowledging the theft and subsequent leak of credentials by hackers.
According to the reports, a hacker named "rose87168" claimed to have compromised Oracle Cloud servers, offering for sale six million login credentials and encrypted passwords. They released a text file containing a list of domains from databases, LDAP data, and 140,000 entities from corporate and government institutions. The authenticity of the leaked samples was confirmed by several clients, showing valid data such as LDAP display names and email addresses.
CybelAngel's disclosures suggested that attackers had deployed web shells and malware on Oracle Cloud Classic servers back in January 2025, leading to the unauthorized extraction of user information from the Oracle Identity Manager database. Despite these findings, Oracle initially maintained that Oracle Cloud itself had not been compromised. However, the latest communication to customers confirmed a successful breach involving two legacy servers hosting some credentials. Oracle emphasized that these servers were unrelated to Oracle Cloud Infrastructure (OCI), and no sensitive customer data was affected.
The company's email stated explicitly, "No security breach occurred in Oracle Cloud, and the OCI client environment remained secure with no data viewed, stolen, or service disruptions." They asserted that usernames disclosed by the hackers originated from non-OCI systems and, being encrypted or hashed, could not be used directly.
The incident has led Oracle to initiate notification procedures for impacted customers while attempting to mitigate the perceived repercussions. The hacker had initially attempted to extort Oracle for $20 million but shifted strategies to selling the data or exchanging it for zero-day exploits. This situation has heightened concerns about the security integrity of Oracle's cloud infrastructure and the potential risks faced by affected clients.
In response to the breach claim, Oracle refuted the hacker's allegations, reiterating that Oracle Cloud had not been infiltrated and assuring that client data remained uncompromised. Despite Oracle's stance, reports from BleepingComputer and cybersecurity firms like CloudSEK have validated the leaked data's veracity. Furthermore, vulnerabilities in Oracle Fusion Middleware hosted on the attacked servers have been highlighted, prompting Oracle to take them offline.
Oracle is engaged in notifying its customers discreetly, relaying the potential exposure of usernames, security keys, and encrypted passwords. Both the FBI and CrowdStrike are actively investigating the breach. Experts like Kevin Beaumont have criticized Oracle's handling of the incident, urging transparency and accountability to prevent the erosion of trust among clients.
Overall, the data breach poses significant challenges for Oracle, calling its security practices into question, with potential consequences for customer confidence and market performance. As investigations continue, the tech giant faces mounting pressure to uphold its credibility amid industry scrutiny.