A hacker known as Rose87168 is threatening to leak or sell data allegedly stolen from Oracle Cloud, claiming access to 6 million records across 140,000 tenants. Despite Oracle initially denying the breach and staying silent since, researchers from CloudSEK and Trustwave SpiderLabs have presented evidence supporting the hacker’s claims. The breach likely exploited a critical vulnerability (CVE-2021-35587) in Oracle Access Manager, allowing access to sensitive information such as SSO credentials, LDAP passwords, and OAuth2 keys. The hacker is offering the data for sale based on company-specific criteria.