Oracle Cloud Breach Check

Was Your Organization Affected By The Oracle Cloud Breach?

In March 2025, a threat actor claimed to have breached Oracle Cloud's SSO infrastructure. Find out if your organization should take precautionary action.

Check My Organization Learn More
Incident Background

What happened with Oracle Cloud.

Here is what we know about the alleged breach and why your organization should still take precautions.

⚠ The Alleged Breach

In March 2025, a threat actor claimed to have breached Oracle Cloud's SSO login servers, allegedly accessing over 6 million records including encrypted SSO credentials and Java Keystore (JKS) files.

The alleged attacker claimed to have exfiltrated data from Oracle Cloud's federated SSO infrastructure, which could potentially include LDAP passwords, OAuth2 keys, and tenant configuration data.

Oracle has denied the breach, and no independent verification has confirmed the claims. However, multiple cybersecurity researchers have analyzed samples that the threat actor made available.

Disclaimer: This page is provided for educational and precautionary purposes. We are not confirming or denying the breach. We recommend all Oracle Cloud customers take the precautionary steps outlined below regardless of breach confirmation status.

Check your organization.

Our security team will check your organization against known indicators and deliver a report within 24 hours.

Check Request Received
Our security team will check your organization against known indicators from the alleged Oracle Cloud breach and deliver a report within 24 hours. In the meantime, we recommend taking the precautionary steps below.
View Precautions M365 Audit
🔒
Your data is encrypted
👥
Team-reviewed results
24-hour delivery
Recommended Actions

Precautionary steps to take now.

Whether or not your organization is confirmed affected, these steps will strengthen your security posture against credential-based attacks.

01
Rotate Oracle Cloud Credentials
Immediately reset all Oracle Cloud passwords, API keys, and service account credentials. Prioritize accounts with administrative privileges.
02
Review SSO Configurations
Audit your federated SSO setup, SAML configurations, and OAuth2 integrations. Regenerate any shared secrets or certificates used in federation.
03
Enable MFA on All Oracle Services
Enforce multi-factor authentication on every Oracle Cloud account. Use hardware security keys or authenticator apps rather than SMS-based MFA.
04
Audit Access Logs
Review Oracle Cloud access logs for suspicious activity, especially unauthorized logins, unusual geographic locations, or off-hours access attempts.
05
Full M365 Security Audit
If your Oracle Cloud SSO federates with Microsoft 365, your M365 environment may also be at risk. A full audit can identify compromised access paths.

Don't stop here. Audit everything.

Credential breaches often cascade across connected services. Make sure your entire environment is secure.