"The SSO passwords are encrypted, they can be decrypted with the available files. also LDAP hashed password can be cracked," rose87168 said. "I'll list the domains of all the companies in this leak.

The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The hacker posted samples on the dark web, reportedly containing a list of affected companies, encrypted SSO passwords, Java KeyStore (JKS) files, and LDAP information. “The SSO passwords are ...

(region-name).oraclecloud. com' Oracle servers. "The SSO passwords are encrypted, they can be decrypted with the available files. also LDAP hashed password can be cracked," rose87168 says.