140,000 Oracle Cloud enterprise customers at risk because of ransomware demand!

CSOonline.com reported that “A threat actor has reportedly breached Oracle Cloud infrastructure, exfiltrating six million sensitive authentication records and potentially endangering more than 140,000 enterprise customers. The attacker is now demanding ransom payments while actively marketing the stolen data on underground forums,…” The March 24, 2025 article entitled “Oracle Cloud breach may impact 140,000 enterprise customers” (https://www.csoonline.com/article/3852643/oracle-cloud-breach-may-impact-140000-enterprise-customers.html) included these comments:

Security researchers at CloudSEK’s XVigil team discovered the breach on March 21, 2025, when they identified a threat actor operating under the alias “rose87168” selling millions of records extracted from Oracle Cloud’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems.

The compromised data includes critical security components such as Java KeyStore (JKS) files, encrypted SSO passwords, key files, and Enterprise Manager Java Platform Security (JPS) keys – all essential elements for authentication and access control within the Oracle Cloud environment.

This is very bad news, but not really a surprise!
