Oracle Cloud Breach: What Happened and Why OCI Claims No Impact
Oracle disclosed that attackers stole data from its legacy Cloud Classic servers. The attackers posted the breach on security forums and claimed millions of records were compromised, while the company insists its Oracle Cloud Infrastructure was never breached, prompting widespread criticism and concern.
Oracle recently sent a letter to customers admitting that some of its public cloud services were breached, while insisting that Oracle Cloud Infrastructure (OCI) remained unaffected, sparking criticism in the security community.
On March 20, attackers posted the stolen data on security and crime forums, and Oracle took about 18 days to notify customers, highlighting the seriousness of the incident.
The original Oracle notice began with “Dear Oracle Customer,” and then stated unequivocally that OCI had never experienced a security breach, that OCI customer environments were never invaded, that OCI customer data was never viewed or stolen, and that OCI services were never interrupted.
In reality, the breach affected Oracle Cloud Classic, the older “Big Red” database platform still running on outdated servers, not OCI. A hacker accessed two obsolete servers, posted under the username rose87168, and claimed to have stolen six million customer records, including security keys and encrypted passwords, even creating a text file on the login server login.us2.oraclecloud.com.
The hacker did not expose usable passwords because the passwords on those servers were either encrypted or hashed, but the incident underscores the risks of leaving unpatched legacy systems exposed.
Oracle acknowledged the attack and admitted that some unpatched, outdated servers were left online like “live bait.” The breach was reportedly caused by a vulnerability in Oracle’s own middleware that the company failed to patch.
While the compromised servers did not expose clear‑text passwords, the episode serves as a reminder that even large vendors have serious security gaps and that rigorous, careful management of legacy assets is essential.
In conclusion, big companies are not immune to vulnerabilities; diligence and meticulous security practices are required for both large and small organizations.
For any questions about this notice, contact Oracle Support or your Oracle account manager.
Good luck!
Editor: 万能的大雄. Reference: bleepingcomputer
21CTO
