Event JSON
{
"id": "c5602be9e3aee231f38dd334bed08b9d7d1bfebb1da919a27c6bb2b5c30583e5",
"pubkey": "fe31a74ce7a735689686a4a8bdb765a8f4db945d91b67412c75058a82a51cffd",
"created_at": 1742562023,
"kind": 1,
"tags": [
[
"imeta",
"url https://cyberplace.social/system/media_attachments/files/114/200/517/844/862/858/original/1563ce5dafbde69c.png",
"m image/png"
],
[
"t",
"threatintel"
],
[
"proxy",
"https://cyberplace.social/@GossiTheDog/114200544766976524",
"web"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/114200544766976524",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://cyberplace.social/users/GossiTheDog/statuses/114200544766976524",
"pink.momostr"
],
[
"-"
]
],
"content": "Somebody is claiming to have exfiltrated 6 million lines of data with Oracle Cloud’s SSO and LDAP data that includes JKS files, encrypted SSO passwords, key files and enterprise manager JPS keys from servers on login.*.oraclecloud.com\n\nThe poster has no prior reputation, it is unclear if they're LARPing. Some of the sample data does align with prior infostealer logs, I'm told. https://breachforums.st/Thread-SELLING-Oracle-cloud-traditional-hacked-login-X-oraclecloud-com\n\n#threatintel\nhttps://cyberplace.social/system/media_attachments/files/114/200/517/844/862/858/original/1563ce5dafbde69c.png\n",
"sig": "7f9c0db7104e137a8b8a7021ec86e96fd87893fd6afbf1fb50e16f17dccc88dd2a0f07c901a22cbbe31c5e287650ce6aa7e6ba93d9dad276a61c7e82d696b552"
}
