Abishek D Praphullalumar
Oracle has confirmed a data breach involving two outdated servers, emphasizing that Oracle Cloud Infrastructure (OCI) remains unaffected. In emails to customers, Oracle stated that the stolen data included usernames but not usable passwords, as they were encrypted or hashed. The company assured users that no OCI service was disrupted and that the compromised servers were never part of the modern OCI platform.
However, the situation has sparked controversy. The breach became public in March when a hacker attempted to sell 6 million user records. Oracle insists it was limited to Oracle Cloud Classic its legacy environment, but cybersecurity expert Kevin Beaumont argues this is a play on words, as Oracle still manages both platforms. This distinction, he says, may downplay the true extent of the breach.
To add further concern, CybelAngel reports that malware was installed on the legacy servers as early as January 2025. Data posted by the hacker includes records from late 2024 and 2025, contradicting Oracle’s claims of the data being old. BleepingComputer confirmed that samples matched real customer information. Oracle has yet to clearly define whether the affected servers are part of Oracle Cloud Classic or another internal classification.
