Shell, BP and other oil companies hacked, Data leaked by "le4ky"

The attack was announced via twitter and was dumped to with a short message. All leaked data put into one file and the total accounts leaked was around 500+ accounts including usernames and encrypted passwords. The leak also had some basic server and target information.

This comes not long after the first attacks on major oil giant Exxon in which administration accounts and other server information was leaked by @le4ky.

Stats of the hacks:
All accounts appear to be from the Pakistan shell domain and contains 25 emails and encrypted passwords.
The BP attack was on subdomain and contains 450 accounts in the format of emails and encrypted passwords.
leader of Russia’s petroleum industry and the attack has seen emails and encrypted passwords leaked totalling 80.

GazPorn is a self claimed global energy company, the breach has seen 191 accounts in the same formats , emails and encrypted passwords.

The leak has been uploaded to pastebin and also mirrored on le4kys website.

Pastebin & message

" This is #OpSaveTheArctic - Phase II (Final), continuation of Phase I (
). Reasons and targets can be found at

" We know we’re going up against the most powerful countries and companies in the world.
But together we have something stronger than any country’s military or any company’s budget. Our shared concern for the planet we leave our children transcends all the borders that divide us and makes us - together - the most powerful force today. "

Similar to #OpSaveTheArctic - Phase I (
) , The listed targets where breached and as a punishment, The employee accounts of the concerned Corporations where used to sign the petition at
After the full operation, a total amount of 96K petitions where signed at
(96,176 to be precise).
This is the statement of the concerned hacks and to give out a message to the Corrupt Corporations that are harming our environment!


I cracked all of the passwords in that dump, and every single password for each user at each company was *exactly* six characters long, all contained only a-zA-Z0-9, and all appeared to be random.

Extremely suspicious -- like someone generated 727 random six character strings and hashed them as raw md5. The probability of this dump being real is extremely low.

yeah i found out that i was able to login with the passwords provided.

2 Cyberking: Interesting, where did you were able to login successfully??

Post a Comment

Related Posts Plugin for WordPress, Blogger...