Hackread reports that cybersecurity firm CloudSEK has contested Oracle's categorical rejection of an alleged breach of its Oracle Cloud single sign-on endpoint that purportedly resulted in the compromise of 6 million records.
Despite assertions that Oracle has not been impacted by the breach, threat actor "rose87168" was discovered by CloudSEK researchers to have targeted Oracle's production SSO endpoint "login.us2.oraclecloud.com," which was later leveraged to pilfer over 140,000 tenants' records.
The domain was also leveraged to allow API request authentication, according to CloudSEK, which also validated the stolen customer domain names that rose87168 posted as samples.
Oracle's immediate repudiation of the breach claims has already been questioned by cybersecurity experts, including Chad Cragle, chief information security officer at Deepwatch.
"Dismissing the incident without addressing this key detail raises more questions than answers," said Cragle. "If Oracle wants to maintain credibility, the company must clarify how the file ended up there, whether any security gaps were exploited, and why the subdomain was taken down."