SAUDI ARABIAN OIL COMPANY DATA BREACH

SAUDI ARABIAN OIL COMPANY DATA BREACH

Gameloop July 21, 2021

 


The Saudi Arabian Oil Company, also known as Saudi Aramco, experienced a data breach and lost 1 TB of proprietary data. In a post on a Dark Net website, the ZeroX cybercriminal gang offer Saudi Aramco's data for a negotiable price of $5 million.  Saudi Aramco blamed the data breach on third-party contractors and stated that the incident had no influence on Aramco's operations, according to Bleeping Computer. The cybercriminal gang claims that some of the data contained in the dump dates back to 1993 and was stolen from the organization last year. ZeroX had already uploaded a small sample of the stolen material from Saudi Aramco on a data breach forum in June to drum up interest in the planned sale. The sample comprises of drawings and proprietary documents including personally identifiable information (PII).

The stolen data dump contains a large amount of valuable information

Tthe .onion leak site used had a countdown timer set to 662 hours (about 4 weeks) when the gang published their first post. After that 28-day time frame expires, the data sale and discussion will begin. In a statement to Bleeping Computer, ZeroX said it intentionally chose 662 hours so that Saudi Aramco could be solved as part of a puzzle.

The data dump includes the complete information of 14,254 employees, according to ZeroX, including passport photos, emails, names, job titles, phone numbers, Iqama card numbers, family identification numbers, and more. According to the hackers, the stolen data also includes specific business information such as internal analyses, network architectures, project specifications, site plans with coordinates, and a list of the company’s customers.

It should be noted that the Saudi Aramco data breach was neither extortion nor a ransomware attack, as ZeroX did not encrypt the data or demand payment in exchange for unlocking the data. Instead, the group is selling data for $5 million but is also available for an exclusive one-time sale in which it will deliver all the data and wipe it from their systems for $50 million.

Tags:

Post a Comment

0 Comments