In a recent alert, the Financial Industry Regulatory Authority (FINRA) has raised alarms concerning a possible large-scale data breach affecting Oracle Cloud services. The organization issued this caution to member firms, emphasizing the necessity for them to review the implications on their operations as well as those of their third-party providers.
"Firms are encouraged to thoroughly evaluate any potential impact to their operations, as well as those of third-party providers, due to this incident," stated FINRA officials. The advisory came after an email was dispatched to member firms identified in posts from the alleged threat actor, which included those who had previously reported the use of Oracle’s products and services.
Reports indicate that around March 20, a threat actor began advertising a cache of nearly six million data records for sale. The data allegedly includes sensitive information such as encrypted passwords, password hashes, Java KeyStore files, and key files that may have been extracted from Oracle Cloud’s federated Single Sign-On (SSO) login servers. If the threat actor's claims are verified, they would signify a significant vulnerability and mean that data users store in the Oracle Cloud Platform could be at risk.

According to conversations with the threat actor, the breach allegedly took place around mid-February 2025. The threat actor provided data samples to support their claims and listed approximately 140,000 compromised domain names across various industries. This information was initially disclosed by CloudSEK, which reported on March 21 and confirmed that the stolen data samples matched the alleged breach.
Impact and Legacy
"We concluded from our analysis that the samples shared by the threat actor indeed reflected genuine credentials from impacted companies," said a spokesperson from CloudSEK. The same spokesperson indicated that preliminary discussions with the threat actor suggested that the unauthorized access might have involved CVE-2021-35587, a vulnerability affecting Oracle Fusion Middleware instances.
Despite the severity of these claims, Oracle has publicly disputed allegations of any breach within its cloud infrastructure. "We firmly reject the notion that any unauthorized access has occurred within our Oracle Cloud services," assured an Oracle representative.

The threat actor also extended a disturbing offer to affected companies, suggesting they could negotiate for the removal of their data from this extensive compilation. The actor further advertised services for decoding or cracking passwords in return for payment or zero-day vulnerabilities from others in the market.
Given the ever-present risk of data breaches in the financial sector, FINRA has compelled firms to implement precautionary measures against such incidents. "Organizations are advised to consult FINRA’s guidelines on responding to cyber incidents, in order to strengthen their defenses," a FINRA spokesperson emphasized.
Firms are further encouraged to report any data breaches or attempts to breach their systems to relevant authorities. They are advised to reach out to their Risk Monitoring Analysts and follow up with necessary reports to the FBI and SEC.
"It's critical for member firms to understand that this alert does not impose new legal obligations, but rather suggests prudent steps firms can take to ensure compliance and safeguard their information," a legal expert explained.
In light of these revelations, member firms are reminded to reassess their security policies and operational procedures in response to this potential threat. As the landscape of cybersecurity continues to evolve, vigilance remains paramount in protecting sensitive data against malicious actors.


