Shell Data Breach May 2024

In May 2024, Shell suffered a significant data breach, exposing sensitive information from 80,000 rows of data.

Shell Data Breach May 2024

🏢 Company Overview


  • Industry: Oil and Gas
  • Headquarters: London, UK
  • Revenue: $365.3 billion
  • Employees: 86,000+

Shell, a British multinational oil and gas company, is one of the largest companies in the world, providing energy solutions across various sectors. With operations in over 70 countries, Shell plays a pivotal role in the global energy market.

📉 Breach Details

In May 2024, Shell suffered a significant data breach, exposing sensitive information from 80,000 rows of data. The breach was executed by the notorious threat actor known as "888" and affected multiple countries, including the UK, Australia, France, India, Singapore, Philippines, Netherlands, Malaysia, and Canada.

Compromised Data:

  • Shopper Code
  • First Name
  • Last Name
  • Status
  • Shopper Email
  • Contact Mobile
  • Postcode
  • Nectar
  • Suburb
  • State
  • Site Address
  • Suburb 1
  • Country
  • Site Name
  • Last Login
  • Pay and Association Number

The stolen data includes personal and contact information, making those affected vulnerable to various forms of exploitation, such as identity theft and targeted scams.

👤 Threat Actor Profile


Threat actor 888 has been active throughout 2024, targeting numerous organizations across different sectors. Notable breaches attributed to 888 include:

  • UNICEF: In April 2024, 888 leaked sensitive data from 11 countries, including administrative records, personal details, and contact information​ (BreachLock)​​ (Cyber Daily)​.
  • Nestle (Brazil): In May 2024, 888 exposed employee information, including full names and email addresses, impacting thousands of employees​ (Daily Dark Web)​.

888's modus operandi involves infiltrating organizational databases and leaking the extracted information on hacking forums. Their activities pose significant risks to both organizations and individuals, underscoring the urgent need for robust cybersecurity measures.

⚠️ Impact Analysis

The Shell data breach has wide-reaching implications:

  • Personal Risk: The compromised personal information could lead to identity theft and financial fraud.
  • Operational Disruption: Such breaches can disrupt business operations, leading to financial losses and reputational damage.
  • Legal and Regulatory Consequences: Shell may face regulatory penalties and legal actions due to the breach of customer data.

Affected Countries:

  • UK
  • Australia
  • France
  • India
  • Singapore
  • Philippines
  • Netherlands
  • Malaysia
  • Canada

🔐 Prevention Tips

To safeguard against similar breaches, organizations should consider the following measures:

  1. Implement Multi-Factor Authentication (MFA): Enhance account security by requiring multiple verification methods.
  2. Regular Software Updates: Ensure all software and systems are up-to-date with the latest security patches.
  3. Data Encryption: Encrypt sensitive data to protect it from unauthorized access.
  4. Intrusion Detection Systems (IDS): Deploy IDS to monitor network activity for suspicious behavior.
  5. Employee Training: Educate employees on cybersecurity best practices and threat awareness.
  6. Regular Security Audits: Conduct thorough security audits to identify and rectify vulnerabilities.