Bleeping Computer report that although Oracle are telling clients the login data is "old", they've received login details from the threat actor current to this year (2025). Oracle haven't returned requests for comment. https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/
The Oracle cloud threat actor has told the BBC they plan to release European region Oracle Cloud Classic data this weekend. #threatintel
The Register has a look at the Oracle situation. No new info, as Oracle won’t comment on anything and the info they’ve told customers is extremely light.
https://www.theregister.com/2025/04/08/oracle_cloud_compromised/
Oracle have finally issued to a written notification to customers about their cybersecurity incident.
They are again wordsmithing. OCI is a different org unit in Oracle to Oracle Classic - they’re denying a different scope.
How long was the attacker in the SaaS solution (that Oracle manage)? What did they do with the access? How long were they in for? Why were ‘legacy’ systems containing customer info left unmanaged and insecure? Etc.
Really poor response from a SaaS provider.
