Kevin Beaumont on Nostr: Somebody is claiming to have exfiltrated 6 million lines of data with Oracle ...
Somebody is claiming to have exfiltrated 6 million lines of data with Oracle Cloud’s SSO and LDAP data that includes JKS files, encrypted SSO passwords, key files and enterprise manager JPS keys from servers on login.*.oraclecloud.com
The poster has no prior reputation, it is unclear if they're LARPing. Some of the sample data does align with prior infostealer logs, I'm told.
https://breachforums.st/Thread-SELLING-Oracle-cloud-traditional-hacked-login-X-oraclecloud-com
#threatintel
Published at 2025-03-21 13:00:23
Event JSON
{
"id": "25886c959d973818e410f29109418af3e8709a5ad6166c42c6b1b4f2b53220f3",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1742562023,
"kind": 1,
"tags": [
[
"t",
"threatintel"
],
[
"imeta",
"url https://cyberplace.social/system/media_attachments/files/114/200/517/844/862/858/original/1563ce5dafbde69c.png",
"m image/png",
"dim 1600x849",
"blurhash U36H+S_3ogt8%%-;%MxuObRPV@RjEmE1IoM{"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/114200544766976524",
"activitypub"
]
],
"content": "Somebody is claiming to have exfiltrated 6 million lines of data with Oracle Cloud’s SSO and LDAP data that includes JKS files, encrypted SSO passwords, key files and enterprise manager JPS keys from servers on login.*.oraclecloud.com\n\nThe poster has no prior reputation, it is unclear if they're LARPing. Some of the sample data does align with prior infostealer logs, I'm told. https://breachforums.st/Thread-SELLING-Oracle-cloud-traditional-hacked-login-X-oraclecloud-com\n\n#threatintel\n\nhttps://cyberplace.social/system/media_attachments/files/114/200/517/844/862/858/original/1563ce5dafbde69c.png",
"sig": "5f537fc155bc339695b839f1a0e500364224db69e7a9c80e6db885b707a7755a802822ba1a6878d630c33bd5142b7718e398f5b515f49bf7e3303ddad7d73fed"
}