Resolved -
This incident is currently being actively monitored by Team Axon.
Any new information or developments will be promptly updated on this page.
If you have any questions or concerns, please feel free to contact us.
Sincerely,
Team Axon
Mar 30, 08:03 UTC
Investigating -
On March 21, 2025, A major security incident was reported involving Oracle Cloud’s authentication systems. A threat actor known as “rose87168” has claimed responsibility for the breach, alleging the theft of 6 million records affecting over 140,000 tenants. The compromised data is said to include:
- JKS (Java KeyStore) files
- Encrypted SSO and LDAP credentials
- JPS (Java Platform Security) keys
The attacker claims to have accessed login endpoints belonging to Oracle:
login..oraclecloud.com
While Oracle has publicly denied that a breach occurred, multiple independent sources have claimed to have verified the authenticity of the stolen data, which allegedly contains production information from impacted customers.
This incident remains under active evaluation, we are committed to providing timely updates, insights, and recommendations to ensure our customers remain secure. A detailed AXON report outlining our findings, insights, and recommended actions will be shared upon the conclusion of our Rapid Response efforts.
If you have any questions or concerns, please do not hesitate to contact us.
Sincerely,
Team AXON
Mar 27, 16:04 UTC