Oracle Under Fire After Controversial Response to Recent Hack

Oracle is facing growing backlash from the cybersecurity community following its handling of a recent hacking incident that exposed user information from outdated servers. While the tech giant has now started issuing written notifications to affected customers, critics argue that the company’s delayed and confusing response has only worsened the situation.

From Denial to Damage Control

The controversy began on March 20, 2025, when a hacker surfaced on a well-known cybercrime forum, claiming to have breached Oracle Cloud servers. The attacker offered millions of records for sale, allegedly tied to over 140,000 Oracle tenants and including encrypted or hashed login credentials.

Oracle responded quickly, issuing a firm denial that Oracle Cloud systems had been compromised. However, as the hacker began leaking samples of the stolen data—later deemed likely authentic by cybersecurity researchers—Oracle customers started coming forward to confirm their data was part of the breach. This contradicted Oracle’s original statements and raised serious questions about the transparency of its communication.

Following these revelations, Oracle shifted from public denials to private disclosures. It reportedly contacted customers verbally to admit that while some systems were accessed, the breach did not involve Oracle Cloud Infrastructure (OCI). It wasn’t until April 7—over two weeks after the breach was made public—that Oracle began issuing formal written notifications.

Leaked Data Tied to Legacy Servers

In its written communications, Oracle insisted that “no OCI customer environment has been penetrated,” and claimed that no customer data or service had been compromised. Instead, the company revealed that the attacker accessed usernames from two legacy servers no longer in use and not part of OCI.

According to Oracle, the passwords associated with those usernames were either encrypted or hashed, rendering them unusable. The hacker reportedly confirmed that they were unable to crack the encrypted credentials.

Despite these assurances, cybersecurity experts remain skeptical. Security analyst Max Solonski criticized Oracle’s downplaying of the situation, pointing out that usernames themselves can be considered customer data and may still pose a risk. He also noted that encrypted passwords, while more secure, could still be cracked over time with enough effort.

Security researcher Kevin Beaumont added to the criticism, labeling Oracle’s official notification as “an exceptionally poor response for a company that manages extremely sensitive data.” He suspects that the breached systems were part of Oracle’s legacy infrastructure, known as Oracle Classic or Gen1 servers, which may have allowed the company to technically deny a breach of OCI while still suffering a compromise.

Lingering Questions and Growing Scrutiny

While Oracle maintains that the stolen data was old, some reports suggest the information could be as recent as 2024 or even 2025, aligning with the hacker’s claims. This discrepancy further fuels doubts about the completeness of Oracle’s disclosures and the true extent of the breach.

There are also unanswered questions about how the breach occurred. Early investigations hint at the exploitation of an outdated vulnerability, raising concerns about Oracle’s patch management and the security of its legacy systems.

As customers and industry experts await more details, Oracle’s response continues to draw sharp criticism. The incident highlights the importance of timely, transparent communication during cybersecurity crises—especially for companies entrusted with large volumes of sensitive data.

April 10, 2025