Shell, a global leader in the oil and gas industry, is reportedly facing a data breach that has impacted customers in multiple countries, including Australia.
The breach was highlighted by a threat actor known as “888” on Breach Forums. This individual claims to have posted 80,000 rows of customer data, affecting individuals in Australia, the UK, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada.
According to Cyber Daily, the compromised data reportedly includes:
The listed information appears to be related to a customer loyalty program, despite Shell not being associated with the Nectar loyalty program specified.
In Australia, Shell operates its petrol stations in collaboration with Coles Express, a business sold to Viva Energy by Coles in May 2023.
The hacker, 888, shared a sample of the alleged data, which includes details of 10 individuals identified as Australians who shop at Shell Coles Express locations.
Although the data appears authentic, it has not been confirmed by other cybersecurity organisations.
Aside from Shell, ticket sales giant Ticketmaster is facing a data breach that could impact thousands of Australians.
The hacker group ShinyHunters – which became known as the operator of Breach Forums, the same forum where a user threatened to release the personal data of approximately 10 million Optus customers – claimed responsibility for stealing personal data from 560 million customers globally.
According to The Sydney Morning Herald, ShinyHunters posted on a dark web forum claiming possession of 1.3 terabytes of customer data. This data reportedly includes names, addresses, email addresses, phone numbers, payment details, credit card numbers, expiration dates, and “customer fraud details.”
The hacker group is seeking US$500,000 (AU$752,000) for a one-time sale of the information, which also includes ticket sales, event details, and order information.
The recent data breach incidents reflect the findings of a cybersecurity company’s study, with Australia reporting a substantial increase in data breaches in the first quarter of 2024 (Q1 2024).
The study, which was based on an analysis of email addresses associated with online services, showed that a whopping 1.8 million user accounts were compromised in Q1 2024, a 388% increase compared to the final quarter of 2023.
