Alleged Oracle Cloud Supply Chain Attack
ID: de1eb827-5c36-5441-9abe-d1ba139465c3
STIX ID: report--de1eb827-5c36-5441-9abe-d1ba139465c3
Feed Name: Arctic Wolf Blog
On March 20, 2025, a Breach Forums user claimed to have stolen six million records from Oracle Cloud SSO/LDAP services and offered the data for sale, alleging compromise of login.(region).oraclecloud.com and listing 140,000 impacted organizations. Oracle denies the breach, but CloudSEK reported a compromised production SSO endpoint, possibly leveraged via a known Oracle Fusion Middleware vulnerability (CVE-2021-35587). Organizations listed are advised to reset or rotate Oracle SSO and LDAP credentials, enforce MFA, and update authentication methods while the incident remains under investigation.
