In March 2025, reports surfaced regarding a potential security incident involving Oracle Cloud’s federated Single Sign-On (SSO) authentication system. A threat actor, identified as ‘rose87168’, claimed to have exploited a vulnerability within Oracle’s systems, allegedly exfiltrating approximately six million records, including encrypted SSO passwords, Java KeyStore (JKS) files, and Lightweight Directory Access Protocol (LDAP) information (see: SOCRadar® Cyber Intelligence Inc.).
Oracle has firmly denied these allegations, stating unequivocally that there has been no breach of Oracle Cloud and that no customer data has been compromised.
Recommended Actions:
In light of these developments, NSI Global advises organisations utilising Oracle Cloud services to adopt the following measures:
- Credential Management:
  - Reset Credentials: Promptly reset all SSO and LDAP credentials, especially those with elevated privileges.
  - Implement Multi-Factor Authentication (MFA): Enforce MFA to add an additional layer of security to user accounts.
- Security Monitoring:
  - Enhance Monitoring: Increase vigilance by monitoring authentication systems for unusual or unauthorised activities.
  - Review Logs: Regularly audit logs for signs of suspicious behaviour or potential breaches.
- Patch Management:
  - Apply Updates: Ensure all systems are updated with the latest security patches to mitigate known vulnerabilities.
  - Verify Patch Implementation: Confirm that patches have been successfully applied across all relevant systems.
- Engagement with Oracle:
  - Maintain Communication: Stay in contact with Oracle for official updates and guidance regarding the situation.
  - Seek Clarification: Request detailed information on any potential impacts to your organisation’s data.
- Incident Response Preparedness:
  - Develop Response Plans: Establish or update incident response plans to address potential security incidents.
  - Conduct Drills: Regularly perform drills to ensure staff are prepared to respond effectively to security incidents.
By implementing these measures, organisations can enhance their security posture and better protect their systems and data against potential threats.
NSI Global can help you:
- Develop a comprehensive security strategy that addresses all aspects of security risk.
- Implement effective security controls to mitigate risks and protect sensitive information.
- Respond to data breaches and other security incidents quickly and effectively.
- Build a culture of security awareness within your organisation.
Taking action today is essential to protect your organisation from the growing threat of data breaches. Contact NSI Global to learn more about how we can help you secure your data and safeguard your reputation.