Despite the company’s insistence that “there has been no breach of Oracle Cloud,” BleepingComputer has corroborated the hack by talking to multiple affected firms.
We're talking about LDAP credentials, email addresses, display names—all cross-checked and verified by companies that now find themselves caught in Oracle’s crossfire of contradictions.
As we reported earlier, the hacker not only shared data samples and Archive.org links pointing to Oracle’s own servers but also claimed access via a known vulnerability in Oracle Fusion Middleware 11g (CVE-2021-35587)—a flaw that lets unauthenticated attackers waltz through Oracle Access Manager like it’s 2010.
The compromised “login.us2.oraclecloud.com” server has since gone dark without explanation.
Rose87168 emailed Oracle directly, allegedly stating: “I've dug into your cloud dashboard infrastructure and found a massive vulnerability that has granted me full access to information on 6 million users.”
Oracle’s response? A shrug—and a ProtonMail contact, which may or may not be them, suggesting a new backchannel for communications.
While Oracle publicly declares “no breach,” its own infrastructure appears to have been exploited using an old CVE they never properly locked down. CloudSEK confirms the vulnerable middleware was still active as of mid-February. Since then, the entire server has been wiped off the map.