Oracle Confirms Data Breach, Begins Notifying Clients


Oracle confirmed a data breach affecting its older Gen 1 servers, its second incident in a matter of weeks, highlighting the risks of running legacy systems and raising fresh data security concerns.

Oracle Breach Details

Cyber Security News reports that a threat actor, “rose87168,” first disclosed the breach on BreachForums on March 20, 2025.

The attacker claimed access to 6 million records, including usernames, emails, hashed passwords, and sensitive authentication credentials like SSO and LDAP information.

They also exfiltrated Java Key Store (JKS) files and Enterprise Manager JPS keys. While no full PII was exposed, Oracle confirmed the data is 16 months old.

The breach stemmed from the exploitation of a Java vulnerability dating from 2020, which allowed the attacker to deploy malware and a web shell targeting Oracle’s Identity Manager (IDM) database.

The attacker reportedly gained access in January 2025, remaining undetected until late February, prompting an internal investigation.

Oracle’s Response and Client Notifications

Oracle quickly alerted affected clients and reinforced security for its Gen 1 servers, assuring that Gen 2 servers and Oracle Cloud remain unaffected. While the company emphasized the breach was limited to legacy systems, cybersecurity firm CybelAngel reported Oracle privately acknowledged unauthorized access.

Impacted clients have been advised to reset credentials, monitor for suspicious activity, and enhance security measures. The attacker, “rose87168,” appears new to cybercrime, demanding a $20 million ransom while also seeking to trade stolen data for zero-day exploits.

To prove their claims, the hacker released sample databases and LDAP credentials, which security researchers confirmed as authentic. This breach has intensified scrutiny on Oracle’s security practices, especially after a recent attack on its Health division’s legacy Cerner servers, which compromised U.S. patient data.

Although Oracle insists the incidents are unrelated, experts warn that legacy system vulnerabilities pose serious risks. This case highlights the challenge of securing outdated infrastructure while transitioning to modern platforms.

Published April 4th, 2025 (last updated 2025-04-08T21:27:41+05:30) | Data Breach, Internet Security, Security Advisory, Security Update

About the Author: FirstHackersNews - Identifies Security
