Shell conducted an investigation and discovered a data breach involving a third-party provider they work with.
This incident had no direct impact on Shell's internal systems or customer data, but it is crucial to understand its details and potential effects.
? #DataBreach ?
— HackManac (@H4ckManac) May 29, 2024
A potential data breach at Shell has been detected on a hacking forum: 80K records reportedly affected.
According to the post, in May 2024, Shell suffered a data breach leading to the theft of a database containing 80K records and affecting multiple countries:… pic.twitter.com/XpTPjsjPZG
A hacker group claimed to have breached Shell, affecting 80,000 users. While the hackers provided sample data most likely related to Australian Shell stations, Shell acknowledged that a vendor they use for mystery shopping services experienced a data breach on a different platform, not Shell's systems.
The vendor has informed impacted individuals, and Shell is not commenting further because they do not control the data.
Shell customers take note! An inquiry is underway after a data breach affected a third-party vendor who works with Shell. Here is what we know so far:
The most significant point is that no Shell customer data has been exposed. Shell ensures that its internal systems and consumer data are secure.
The impacted vendor offers Shell "anonymous mystery shopping services".
The vendor used another platform to store information about their mystery shoppers. This platform appears to be the source of the leaks.
Details about whatever information may have been compromised are still present.
The details exposed in the alleged Shell data breach are unclear. While hackers claimed that they obtained data such as shopper codes, names, emails, phone numbers, and even some transaction details, this information reportedly only applied to Australian mystery shoppers for Shell at Reddy Express (previously Coles Express) locations.
Shell, on the other hand, denies that its systems were breached and maintains the leak occurred on a third-party platform utilised by a mystery shopping vendor.
A Shell spokesperson wrote in an email:
"Our investigation shows that the data in question did not come from a Shell system, nor was Shell-held customer data exposed,"
Shell denied allegations of a data breach on their systems. They confirmed they were investigating the issue and clarified that:
The Shell data breach incident is similar to two major types of cyberattacks:
Hackers used a software update from SolarWinds, a provider of IT management software, to obtain access to the systems of several US government organisations and private companies.
Right after claiming CISA's statement was false, the motion goes right into Section D: "The Solar Winds "SUNBURST" Attack."
— Jon Herold (@patel_patriot) November 28, 2023
This is extremely notable for many reasons but most importantly, and as I have written about... pic.twitter.com/7yzgClneh4
A similar attack targeted a software package from Kaseya, a firm that provides IT remote management solutions, and affected thousands of businesses globally.
Here's how you can prevent future situations like the Shell data breach:
While the breach appears to have been confined, the Shell data leak offers a severe warning of the ever-changing cybersecurity landscape.
As consumers, we trust organisations with our personal information, and data breaches by third-party suppliers highlight vulnerabilities that we may be unaware of.
This incident emphasises the need for both organisations to prioritise good security measures throughout their supply chain and for people to stay alert about their online presence.
By taking the steps indicated above and remaining informed, we can gain control of our online activities and reduce the dangers connected with data breaches.