"The Biggest Supply Chain Hack of 2025": Oracle Cloud Leaks 140K Tenants' Details

Mar 22, 2025 @ 7:00 pm

Back in September 2019, Oracle announced a free tier in their Oracle Cloud. Terms were pretty generous (two 1GB VMs, 100GB disk, 10TB transfer) and this option was very popular in our community.

Unfortunately, today CloudSEK announced that 140K tenants’ data (6 million records) have been leaked.

On 21 March 2025, CloudSEK’s XVigil discovered a threat actor, “rose87168,” selling 6M records exfiltrated from SSO and LDAP of Oracle Cloud. The data includes JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys.
The attacker, active since January 2025, is incentivizing decryption assistance and demanding payment for data removal from over 140K affected tenants. Our engagement with the threat actor suggests a possible undisclosed vulnerability on login.(region-name).oraclecloud.com, leading to unauthorized access. While the threat actor has no prior history, their methods indicate high sophistication, CloudSEK assesses this threat with medium confidence and rates it as High in severity.

According to the hacker, Tesla, Nike, Adidas, Visa, and other firms are affected. It’s not clear if the free tier is affected. The hack refers to SSO, LDAP, and other functions that are more typically used by large enterprises.

There is a page where you can check your check your exposure.

Update: LowEndTalk member @dedipromo confirmed that the free tier is affected, too.

MariaDB Swallowed by Private Equity

Google is Building a Datacenter in...um, Where...?!?

Oracle Cloud Launches in Colombia, While AWS/GCP/Azure Lag in South America

CLONE WARS: How Every Major RHEL Clone is Reacting to IBM, From Counter-Exploiting Legal Loopholes t...

From Oracle Cloud to TOR to Telegram: Check Out LowEndTalk Tutorials!

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308