Oracle allegedly claims breached data is from 2017 and earlier – however, threat intelligence analysis suggests it’s not

In recent weeks, reports have emerged of a data breach involving Oracle Cloud. According to Bloomberg, Oracle privately contacted some affected customers to confirm the breach, despite publicly denying it.  

BleepingComputer followed up with details that challenge Oracle’s narrative. While Oracle reportedly claimed the breach was limited to a “legacy environment” last used in 2017, the threat actor reportedly shared records dated as recently as 2024 and 2025.  

Cyro’s Analysis

In Cyro's analysis of the leaked data, we found additional indicators that support the threat actor’s claims: namely, user records created between August 2024 and February 2025, consistent in structure with the earlier leaked dataset.   

To further analyse Oracle’s timeline, our threat intelligence team:

  • Cross-referenced 140,000 leaked domains against DNS, WHOIS, and company registration data.

  • Manually verified the sample set. In several cases, the domains in question were first registered in 2018 or later, with no digital footprint prior to that, making it highly unlikely they were using Oracle Cloud in 2017. 

  • One example: a domain first registered on 1 August 2018, by a company founded in November 2018, with no archived website content before that date.  

This casts doubt on Oracle’s suggestion that the data in the leak is from 2017: our analysis has shown that a number of the companies listed were established as recently as 2024 and 2025. If true, this would constitute a much more severe breach than Oracle is currently reporting.
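The timeline check described above can be sketched as follows. This is an added example, not Cyro's tooling or code from the original post: it combines the three evidence sources named in the list (registration date, company founding date, earliest archived content) and only marks a domain as post-dating 2017 when every available signal agrees. The field names, verdict labels and sample records are constructed; the first record mirrors the example above, with the founding day assumed.

```python
from datetime import date

# Oracle's reported claim: the environment was last used in 2017.
CUTOFF = date(2017, 12, 31)
FIELDS = ("registered", "company_founded", "first_archive")

# Constructed sample evidence (not real leak data). None = nothing found.
SAMPLE = [
    # Mirrors the example in the text; the founding day (1st) is assumed.
    {"domain": "example-a.test", "registered": date(2018, 8, 1),
     "company_founded": date(2018, 11, 1), "first_archive": None},
    {"domain": "example-b.test", "registered": date(2012, 3, 14),
     "company_founded": date(2010, 6, 2), "first_archive": date(2012, 5, 1)},
    # Re-registered name: recent creation date, but older archived content.
    {"domain": "example-c.test", "registered": date(2021, 2, 9),
     "company_founded": None, "first_archive": date(2015, 7, 20)},
    {"domain": "example-d.test", "registered": None,
     "company_founded": None, "first_archive": None},
]

def classify(rec, cutoff=CUTOFF):
    """Return (verdict, earliest_evidence_date) for one leaked domain."""
    dates = [rec[f] for f in FIELDS if rec.get(f) is not None]
    if not dates:
        return "unknown", None
    earliest = min(dates)
    if earliest <= cutoff:
        # Any single pre-cutoff signal means the domain cannot be used
        # as evidence against the 2017 timeline.
        return "could_predate_cutoff", earliest
    if rec.get("registered") is None:
        # Without a registration date the footprint is too thin to call.
        return "needs_manual_review", earliest
    return "postdates_cutoff", earliest

def summarise(records, cutoff=CUTOFF):
    """Group domains by verdict so the post-cutoff set can be verified by hand."""
    out = {}
    for rec in records:
        verdict, _ = classify(rec, cutoff)
        out.setdefault(verdict, []).append(rec["domain"])
    return out

if __name__ == "__main__":
    for verdict, domains in summarise(SAMPLE).items():
        print(f"{verdict}: {', '.join(domains)}")
```

The re-registered case is why a registration date alone is not enough: a dropped and re-purchased domain shows a recent creation date even though an earlier owner may have used it before the cutoff.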

Proactive threat monitoring plays a crucial role in ongoing risk management, especially within third-party environments. Oracle’s recent breach highlights this need, as threat actors exploited vulnerabilities in a third-party system. A mature cyber security capability requires a proactive, vigilant approach - not just after a breach, but at all times.

Your Cyber Security Guardians

At Cyro Cyber, we proactively engaged with our clients affected by the Oracle breach after identifying they were named in the breach.  If you’ve been affected by this recent breach or have any questions or concerns, we’re here to support you.

We’re your cyber security guardians and your allies in long-term strategic defence and the ongoing implementation of cyber security countermeasures.

Please get in touch below if you would like further guidance. 
