For the second time in a month, software giant Oracle has reportedly had to inform clients of a security breach.

Oracle has notified its customers of a security breach last week in which a hacker accessed one of its systems and made off with outdated client login credentials, according to sources with knowledge of the incident.

Oracle staff told select clients that the attacker had accessed usernames, passkeys, and encrypted passwords, the sources said.

Oracle has informed some clients that the FBI and cybersecurity firm CrowdStrike are investigating the breach, sources said. The attacker reportedly demanded an extortion payment as part of the incident.

Oracle also told customers the breach is unrelated to the cybersecurity incident it disclosed to some healthcare clients last month, according to sources familiar with the matter.

Claims about the stolen credentials first surfaced last month, when an unknown individual began offering data for sale online, allegedly taken from Oracle’s cloud servers.

The company denied that its cloud storage platform had been compromised, saying in a statement: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

Then last week, Oracle admitted to some clients that the attacker had accessed what it described as a “legacy environment,” according to the sources.

The company pointed out that the system had been inactive for eight years and, as such, the compromised credentials don’t pose a significant risk. However, a person familiar with the breach said the stolen data included customer login information dating as recently as 2024.

“Oracle rebadged old Oracle Cloud services to be Oracle Classic. Oracle Classic has the security incident. Oracle are denying it on ‘Oracle Cloud’ by using this scope — but it’s still Oracle cloud services that Oracle manage. That’s part of the wordplay,” cybersecurity expert Kevin Beaumont said in a statement.