Oracle has pushed back against claims that hackers breached its cloud platform, dismissing allegations that they stole sensitive customer data. The controversy began when an individual on a cybercrime forum advertised what they claimed to be security keys and login credentials from Oracle Cloud. The alleged hacker insisted they had exploited a vulnerability in an Oracle single sign-on (SSO) server to gain access.
Oracle, however, firmly rejected these assertions. A company spokesperson stated, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
Despite Oracle’s denial, the cybercriminal attempted to validate their claims by sharing a file supposedly planted on Oracle’s login server. Security analysts also speculated that the server in question may have been running an outdated version of Oracle Fusion Middleware, which contained a known critical vulnerability.
Further complicating matters, the hacker—using the alias “rose87168”—claimed to have exfiltrated six million records, including encrypted passwords, Java KeyStore files, and other sensitive enterprise data. They reportedly attempted to extort Oracle for $200 million in cryptocurrency in exchange for information about the alleged breach. When Oracle refused, they put the stolen data up for sale on BreachForums, offering an alternative payment option: undisclosed zero-day exploits.
Adding another level of mystery, the attacker also confessed that they couldn’t decrypt the stolen credentials and even asked other forum members for help breaking the encryption. They also supposedly provided lists of domains belonging to targeted companies and suggested that businesses could pay a fee to have their employees’ details removed before the information was sold.
Researchers continue to investigate, but Oracle asserts that there was no breach. Cybersecurity experts continue to debate whether this attack is a masterful ruse or a genuine security threat.