Back in September 2019, Oracle announced a free tier in their Oracle Cloud. Terms were pretty generous (two 1GB VMs, 100GB disk, 10TB transfer) and this option was very popular in our community.
Unfortunately, today CloudSEK announced that 140K tenants’ data (6 million records) have been leaked.
On 21 March 2025, CloudSEK’s XVigil discovered a threat actor, “rose87168,” selling 6M records exfiltrated from SSO and LDAP of Oracle Cloud. The data includes JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys.
The attacker, active since January 2025, is incentivizing decryption assistance and demanding payment for data removal from over 140K affected tenants. Our engagement with the threat actor suggests a possible undisclosed vulnerability on login.(region-name).oraclecloud.com, leading to unauthorized access. While the threat actor has no prior history, their methods indicate high sophistication. CloudSEK assesses this threat with medium confidence and rates it as High in severity.
According to the hacker, Tesla, Nike, Adidas, Visa, and other firms are affected. It’s not clear if the free tier is affected. The hack refers to SSO, LDAP, and other functions that are more typically used by large enterprises.
There is a page where you can check your exposure.
Update: LowEndTalk member @dedipromo confirmed that the free tier is affected, too.