The hacker has demonstrated that they have/had write access to URLs under login.us2.oraclecloud.com. It's incredibly disingenuous on Oracle's part to claim that this is not "Oracle Cloud".