Remember, kids: tell the truth or someone will tell it for you. Kevin Beaumont picks up the story of how Oracle denies a breach when there has been so much confirmation of it, e..g.:
Oracle told Bleeping Computer, and customers, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data”
The threat actor then posted an archive.org URL and provided it to Bleeping Computer, strongly suggesting they had write access to login.us2.oraclecloud.com, a service using Oracle Access Manager. This server is entirely managed by Oracle.
The URL on archive.org was subsequently removed.
The threat actor then provided a several hour long recording of an internal Oracle meeting, complete with Oracle employees talking for two hours.
The meeting is viewable here and the transcript is here:
https://github.com/j-klawson/oracle_breach_2025/blob/main/youtube_video_transcript.txt
Read and view more on Medium. Kevin has seen enough to convince him that this is a real incident and that Oracle is engaging in deceptive language to avoid responsibility:
Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility.This is not okay. Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they’re doing about it. This is a matter of trust and responsibility. Step up, Oracle — or customers should start stepping off.
Update 1 — Oracle rebadged old Oracle Cloud services to be Oracle Classic. Oracle Classic has the security incident. Oracle are denying it on “Oracle Cloud” by using this scope — but it’s still Oracle cloud services that Oracle manage. That’s part of the wordplay.
You can follow me on Mastodon for the latest updates, if you want: https://cyberplace.social/invite/hHiX8ntL or @[email protected]