Saudi Aramco has denied that its systems were breached after hackers leaked on a forum scores of sensitive information they claim to have stolen from the company.
Saudi Aramco is the world’s second-largest oil company. Its crude oil reserves are estimated at more than 270 billion barrels. According to Forbes, the company’s revenue reached $204 billion in 2020.
A threat actor going by the name ZeroX contacted ZDNet and BeepingComputer journalists claiming to had stolen 1Tb of sensitive data from Saudi Aramco. ZeroX’s entire data dump was up for auction $5 million on Wednesday. The records are from 1993 to 2020, according to the leaker.
The hacker claim to have stolen information from the company’s networks from refineries in Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.
The samples of data provided by the group included the documents related to various aspects of operations of the refineries and power plants. Among the documents were project specifications, electrical and power systems, machinery at the refineries, unit prices, business agreements, network documents, analysis reports, company clients, invoices, and more.
The group said it stole the information on over 14,000 employees. They shared an “onion dark web link” to this subset of data which included names, photos, passports, emails, phone numbers, family information, ID numbers, and more.
However, Saudi Aramco denied that their systems were hacked.
“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors,” the spokesperson said ZDNet. “We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cybersecurity posture.”
In 2012, Saudi Aramco suffered another cyberattack that damaged around 30,000 workstations. The oil giant has been regularly attacked since then.