Oracle Cloud Breach 6 Million Records Stolen and Vulnerability Exploited


Mar 22, 2025

Oracle Cloud Data Breach - What you need to know to keep safe! - CVE-2021-35587

A company called CloudSEK recently discovered a big cyberattack on Oracle Cloud. This attack happened because of a weakness in Oracle's system that the bad guys were able to exploit. They stole a lot of sensitive information, including passwords and encryption keys, which they are now selling on the dark web.

The bad guys, who go by the name "rose87168," claim to have gotten into Oracle's system by exploiting a vulnerability in an older version of Oracle Fusion Middleware. This vulnerability, known as CVE-2021-35587, allows attackers to get into Oracle Access Manager without a password. The affected versions of Oracle Fusion Middleware are:

  • 11.1.2.3.0
  • 12.2.1.3.0
  • 12.2.1.4.0

What Does This Mean?

In simple terms, the bad guys found a way to get into Oracle's system because it was not properly updated. They were able to steal a lot of important information, including passwords and encryption keys. This means that the people who use Oracle Cloud might be at risk of having their information stolen.

Is My Oracle Cloud Version Vulnerable?

To determine if your current running version of Oracle Cloud is vulnerable, follow these steps:

  1. Check your Oracle Fusion Middleware version: Look for the version number in your Oracle Cloud settings or documentation. If it's one of the affected versions (11.1.2.3.0, 12.2.1.3.0, or 12.2.1.4.0), you might be vulnerable.
  2. Check for updates: Make sure your Oracle Cloud system is up to date. If you're not sure, contact Oracle support for help.
  3. Look for signs of a breach: Check your system for any signs of unauthorized access or suspicious activity.
  4. Contact Oracle support: Reach out to Oracle support to ask about your version and if you're at risk.
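Steps 1 and 2 can be run across a whole inventory instead of one system at a time. The script below is an added example, not code from CloudSEK or Oracle; it assumes a CSV export with hypothetical host, product and version columns, and it treats a four-part version such as 11.1.2.3 as 11.1.2.3.0.

```python
import csv
import io
import re

# Affected versions as listed on this page for CVE-2021-35587.
AFFECTED = {(11, 1, 2, 3, 0), (12, 2, 1, 3, 0), (12, 2, 1, 4, 0)}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,version
sso-prod-01,Oracle Access Manager,12.2.1.4.0
sso-legacy,Oracle Access Manager,11.1.2.3
sso-test,Oracle Access Manager,v12.2.1.3.0 (build 210415)
idm-new,Oracle Access Manager,14.1.2.1.0
sso-dr,Oracle Access Manager,unknown
wiki-01,Confluence,12.2.1.4.0
"""


def normalize(version):
    """Return a 5-part integer tuple, or None if no usable version is found."""
    # Require at least four dotted parts; shorter strings are too ambiguous.
    match = re.search(r"\d+(?:\.\d+){3,4}", version)
    if not match:
        return None
    parts = [int(p) for p in match.group().split(".")]
    return tuple(parts + [0] * (5 - len(parts)))


def audit(inventory_text):
    """Classify each Oracle Access Manager row of a CSV inventory."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_text)):
        if "oracle access manager" not in row["product"].lower():
            continue  # other products are out of scope for this CVE
        parsed = normalize(row["version"])
        if parsed is None:
            findings[row["host"]] = "unknown-version"   # needs a manual check
        elif parsed in AFFECTED:
            findings[row["host"]] = "affected-version"  # confirm patch level next
        else:
            findings[row["host"]] = "not-listed"
    return findings


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

A host reported as affected-version still needs its patch level confirmed, because the version number alone does not show whether the fix has been applied.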

What Can You Do to Stay Safe?

CloudSEK recommends taking the following steps to protect yourself and your data:

  • Change your passwords: Update your passwords and encryption keys to prevent the bad guys from using the stolen information.
  • Check your system for signs of a breach: Look for any suspicious activity or signs of unauthorized access.
  • Keep an eye on your system: Monitor your system regularly for any signs of trouble.
  • Talk to Oracle: Reach out to Oracle support to ask about your version and if you're at risk. They can help you figure out what to do next.

What's Next?

Oracle has denied that there was a breach of their cloud infrastructure, but CloudSEK stands by their findings. Either way, it's essential to take steps to protect yourself and your data. By following the steps above, you can help keep your information safe and prevent any potential problems.