Oracle Denies Cloud Breach as Hacker Threatens to Sell Alleged Stolen Data

March 23, 2025
  • Oracle has denied any breach of its Cloud services despite claims from a hacker known as rose87168, who is allegedly selling 6 million stolen data records.

  • The leaked database reportedly includes encrypted single sign-on (SSO) passwords, LDAP information, and a list of companies.

  • CloudSEK conducted a follow-up investigation and claims to have found conclusive evidence of the breach, tracing it to a compromised Single Sign-On endpoint.

  • The Register is awaiting a response from Oracle regarding the new claims and developments from CloudSEK and Hudson Rock.

  • CloudSEK confirmed the authenticity of customer domains provided by the hacker, linking them to real Oracle Cloud customers.

  • If the data is genuine, the implications for cybersecurity could be severe, potentially enabling supply chain and ransomware attacks.

  • The alleged breach was said to involve the US2 and EM2 login servers, with the hacker providing a text file as supposed evidence.

  • The compromised endpoint, login.us2.oraclecloud.com, was reportedly used to steal data from over 140,000 tenants.

  • The situation remains uncertain, with potential scenarios ranging from an undiscovered breach to entirely false claims by the hacker.

  • Experts warn that if the breach is confirmed, it could serve as a significant wake-up call for businesses relying on third-party cloud platforms.

  • rose87168 is offering the stolen data on BreachForums, either for sale or in exchange for zero-day exploits, and has threatened to list the domains of affected companies unless they pay to remove their information.

  • Rahul Sasi, CEO of CloudSEK, emphasized the importance of transparency and advised companies to change their SSO and LDAP credentials immediately.

Summary based on 9 sources

