Advisory: Oracle Cloud Data Breach

Zurück zur Übersicht der Sicherheitshinweise

Informational

CVE(s)

Updated: 2025 März 23

Produkt(e)

Sophos Central

Veröffentlichungs-ID sophos-sa-20250321-oracle-cloud-data-breach

Artikelversion 2

Erstveröffentlichung 2025 März 23

Provisorische Lösung No

Overview

On 21 March 2025, a security breach was reported by CloudSEK’s XVigil discovered a threat actor, “rose87168” claiming to have stolen 6 million records from Oracle Clouds SSO and LDAP systems affecting 140,000 tenants.

No evidence that Sophos is impacted has been identified.

Related information

https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants
https://www.cloudsek.com/blog/part-2-validating-the-breach-oracle-cloud-denied-cloudseks-follow-up-analysis

Advisory: Oracle Cloud Data Breach

Overview

Related information

Sophos Responsible Disclosure Policy