Oracle Confirms Breach, Exposing Client Data in Legacy Systems

Oracle confirms breach of legacy cloud infrastructure, exposing client data and raising security concerns.

Oracle has acknowledged a cybersecurity attack on its older cloud infrastructure, after client credentials were stolen since 2017. The attack, on Oracle's Gen 1 (Oracle Cloud Classic) servers, was first discovered in late February 2025, when attackers used a 2020 Java vulnerability to install malware and gain access to sensitive information, such as usernames, hashed passwords, and user emails. While Oracle asserts this violation involves older, non-sensitive information, the threat actor in question has released newer information, such as information from 2024 and 2025, on hacking forums, which contradicts Oracle's assertions.

The breach had been of Oracle's Identity Manager (IDM) database, and the attacker, "rose87168," was said to have sold 6 million stolen records on BreachForums in March 2025. Even though stolen data was confirmed, Oracle has refuted that the breach impacted its Oracle Cloud service, which it has renamed Oracle Classic. The firm maintains to claim that there have not been any affected customers of its ongoing Oracle Cloud services, yet security professionals are noted to critic that Oracle's game of names for services is deceiving.

Oracle, reacting to the hack, engaged security company CrowdStrike and the FBI to determine how the attack took place. The hack also fueled fears of the security practice by Oracle, especially concerning aging platforms. Moreover, Oracle is also experiencing another breach incident involving Oracle Health (previously Cerner), in which hackers have accessed legacy data servers with sensitive patient information of U.S. healthcare organizations. The attacker in this breach has allegedly been extorting hospitals for tens of millions of dollars' worth of cryptocurrency in order to keep stolen data from being leaked.

These events have highlighted Oracle's vulnerability management as well as the security of its legacy platforms, and people have questioned the company's strategy for protecting sensitive data.