ExxonMobil
Company Details
Linkedin ID:
exxonmobil
Website:
Employees number:
61,842
Number of followers:
3,254,750
NAICS:
211
Industry Type:
Homepage:
exxonmobil.com
IP Addresses:
294
Company ID:
EXX_1090820
Scan Status:
Completed
ExxonMobil Company CyberSecurity Posture
exxonmobil.com
The need for energy is universal. That's why ExxonMobil scientists and engineers are pioneering new research and pursuing new technologies to reduce emissions while creating more efficient fuels. We're committed to responsibly meeting the world's energy needs. We aim to achieve #netzero emissions from our operated assets by 2050 (for Scope 1 and 2 greenhouse gas emissions) and are taking a comprehensive approach to create emission-reduction roadmaps for major operated assets. Find us also on: YouTube.com/ExxonMobil Find our latest Privacy Policy at https://corporate.exxonmobil.com/Global-legal-pages/privacy-policy See our terms and conditions at https://corporate.exxonmobil.com/global-legal-pages/terms-and-conditions Find resources on our GHG emission reduction efforts here: https://corporate.exxonmobil.com/resources
ExxonMobil A.I CyberSecurity Scoring
ExxonMobil Risk Score (AI oriented)Between 800 and 849
ExxonMobil
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ExxonMobil Global Score (TPRM)XXXX
ExxonMobil
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ExxonMobil Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Exxon
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Exxon faced a significant reputational and potential financial impact due to a hack-and-leak operation targeting climate change activists. The firm hired by Exxon, DCI Group, was investigated for its alleged role in the incident. The internal communications about litigation against Exxon were obtained and leaked to the media, causing disruption to the activists and exposing Exxon to legal and public relations challenges. This attack caused distress among the affected parties and raised questions about the lengths to which corporations might go to protect their interests amid environmental scrutiny.
ExxonMobil Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ExxonMobil
Incidents vs Oil and Gas Industry Average (This Year)
No incidents recorded for ExxonMobil in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for ExxonMobil in 2025.
Incident Types ExxonMobil vs Oil and Gas Industry Avg (This Year)
No incidents recorded for ExxonMobil in 2025.
Incident History — ExxonMobil (X = Date, Y = Severity)
ExxonMobil cyber incidents detection timeline including parent company and subsidiaries
ExxonMobil Company Subsidiaries
The need for energy is universal. That's why ExxonMobil scientists and engineers are pioneering new research and pursuing new technologies to reduce emissions while creating more efficient fuels. We're committed to responsibly meeting the world's energy needs. We aim to achieve #netzero emissions from our operated assets by 2050 (for Scope 1 and 2 greenhouse gas emissions) and are taking a comprehensive approach to create emission-reduction roadmaps for major operated assets. Find us also on: YouTube.com/ExxonMobil Find our latest Privacy Policy at https://corporate.exxonmobil.com/Global-legal-pages/privacy-policy See our terms and conditions at https://corporate.exxonmobil.com/global-legal-pages/terms-and-conditions Find resources on our GHG emission reduction efforts here: https://corporate.exxonmobil.com/resources
Loading...
ExxonMobil Similar Companies
PETROVIETNAM
Petrovietnam’s business - Core business: + Exploration, Production, Refinery, Petrochemicals, Storage, Transportation and Service in Petroleum Field; + Importing and Exporting petroleum materials, equipment and productions; + Distributing oil and gas products and hydrocarbon materi
PETRONAS
Petroliam Nasional Berhad (PETRONAS) is a leading global energy company committed to powering society’s progress in a responsible and sustainable manner. With close to 50,000 employees and a global reach spanning over 100 countries, we are ranked among the world’s largest corporations by revenue in
Besmindo Group
Besmindo Group is a leader in providing new tool joints; repair & redress of tool joints, pup joints, drill pipes, threads for tool joints and OCTG tubing. The mission is to continually provide these and other services by promoting a reputation for excellence and value while fully anticipating, then
PDVSA Petróleos de Venezuela S.A.
Petróleos de Venezuela S.A. is a Venezuelan state company, began operations on January 1st, 1976 and whose activities are the oil exploration, production, refining, marketing and transportation of Venezuelan oil as well as the orimulsion, chemical, petrochemical businesses and coal. We have the lar
Marathon Petroleum Corporation
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio. The company operates the nation's largest refining system. MPC's marketing system includes branded locations across the United States, including Marathon brand retai
Baker Hughes (NASDAQ: BKR) is an energy technology company that provides solutions for energy and industrial customers worldwide. Built on a century of experience and conducting business in over 120 countries, our innovative technologies and services are taking energy forward – making it safer, clea
Weatherford International plc (Nasdaq: WFRD) is a leading global energy services company. Operating in approximately 75 countries, the Company answers the challenges of the energy industry with its global talent network of approximately 17,000 team members and approximately 350 operating locations,
Ecopetrol
Ecopetrol (NYSE: EC) es la compañía más grande en Colombia y uno de los principales grupos de energía de Latinoamérica. Cuenta con más de 18.000 empleados y es responsable del 60% de la producción de hidrocarburos en Colombia. Es propietaria de las dos refinerías del Colombia y de la gran parte de l
Halliburton
We collaborate and engineer solutions to maximize asset value for our customers. Founded in 1919, Halliburton is one of the world's largest providers of products and services to the energy industry. With more than 45,000 employees, representing 130 nationalities in more than 80 countries, the compan
.png)
ExxonMobil CyberSecurity News
November 20, 2025 02:19 PM
Exxon to acquire 40% stake in Enterprise Bahia NGL pipeline
Enterprise Products Partners said on Thursday that Exxon Mobil will buy a 40% stake in its Bahia natural gas liquids pipeline and help...
November 06, 2025 08:00 AM
ExxonMobil, Energean agree farm-in deal for gas block in Greece
Oil major ExxonMobil , Energean and Helleniq Energy on Thursday signed a farm-in agreement for 60% in a gas block in Western Greece,...
November 04, 2025 08:00 AM
ExxonMobil Names Jon Gibbs to Lead New Global Operations Division
Exxon Mobil Corporation (NYSE: XOM) announced a major reorganization that will centralize its operations into a new entity, ExxonMobil...
November 01, 2025 06:15 PM
Profits dip at ExxonMobil, Chevron on lower crude prices
US oil giants ExxonMobil and Chevron reported lower earnings Friday as the decline in oil prices offset the lift from higher production.
October 31, 2025 07:00 AM
Exxon Mobil slides after reporting Q3 earnings
Big oil has been dealing with low oil prices as OPEC+ keeps pumping....
October 20, 2025 07:00 AM
ExxonMobil Is Back in Iraq With Majnoon Oilfield Deal in Basra
ExxonMobil joins BP, Chevron, and TotalEnergies in greenlighting new investment projects in Iraq in 2025 as the government targets oil...
October 09, 2025 07:00 AM
ExxonMobil Signs Deal to Develop Iraq's Massive Majnoon Field
Exxon Mobil Corporation XOM has signed preliminary agreements for the exploration and development of the Majnoon oil field in Iraq.
September 30, 2025 07:00 AM
ExxonMobil and Kinaxis: Creating a Next Gen Supply Chain Management Solution for Oil & Gas
ARC Analyst Larry O'Brien has recently published a report on ARC's Client Portal regarding the recent work between Kinaxis and Exxon to...
September 23, 2025 07:00 AM
Opinion | Your Vote Doesn’t Count at ExxonMobil
Its 'Retail Voting Program' is a power grab by management.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ExxonMobil CyberSecurity History Information
Official Website of ExxonMobil
The official website of ExxonMobil is http://www.exxonmobil.com.
ExxonMobil’s AI-Generated Cybersecurity Score
According to Rankiteo, ExxonMobil’s AI-generated cybersecurity score is 823, reflecting their Good security posture.
How many security badges does ExxonMobil’ have ?
According to Rankiteo, ExxonMobil currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does ExxonMobil have SOC 2 Type 1 certification ?
According to Rankiteo, ExxonMobil is not certified under SOC 2 Type 1.
Does ExxonMobil have SOC 2 Type 2 certification ?
According to Rankiteo, ExxonMobil does not hold a SOC 2 Type 2 certification.
Does ExxonMobil comply with GDPR ?
According to Rankiteo, ExxonMobil is not listed as GDPR compliant.
Does ExxonMobil have PCI DSS certification ?
According to Rankiteo, ExxonMobil does not currently maintain PCI DSS compliance.
Does ExxonMobil comply with HIPAA ?
According to Rankiteo, ExxonMobil is not compliant with HIPAA regulations.
Does ExxonMobil have ISO 27001 certification ?
According to Rankiteo,ExxonMobil is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of ExxonMobil
ExxonMobil operates primarily in the Oil and Gas industry.
Number of Employees at ExxonMobil
ExxonMobil employs approximately 61,842 people worldwide.
Subsidiaries Owned by ExxonMobil
ExxonMobil presently has no subsidiaries across any sectors.
ExxonMobil’s LinkedIn Followers
ExxonMobil’s official LinkedIn profile has approximately 3,254,750 followers.
NAICS Classification of ExxonMobil
ExxonMobil is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.
ExxonMobil’s Presence on Crunchbase
No, ExxonMobil does not have a profile on Crunchbase.
ExxonMobil’s Presence on LinkedIn
Yes, ExxonMobil maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/exxonmobil.
Cybersecurity Incidents Involving ExxonMobil
As of December 06, 2025, Rankiteo reports that ExxonMobil has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
ExxonMobil has an estimated 10,499 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at ExxonMobil ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Exxon Hack-and-Leak Operation Targeting Climate Change Activists
Description: Exxon faced a significant reputational and potential financial impact due to a hack-and-leak operation targeting climate change activists. The firm hired by Exxon, DCI Group, was investigated for its alleged role in the incident. The internal communications about litigation against Exxon were obtained and leaked to the media, causing disruption to the activists and exposing Exxon to legal and public relations challenges. This attack caused distress among the affected parties and raised questions about the lengths to which corporations might go to protect their interests amid environmental scrutiny.
Type: Hack-and-Leak Operation
Threat Actor: DCI Group
Motivation: To protect corporate interests amid environmental scrutiny
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Hack-and-Leak Operation EXX000120924
Data Compromised: Internal communications about litigation
Operational Impact: Disruption to climate change activists
Brand Reputation Impact: Significant reputational impact
Legal Liabilities: Exposed to legal and public relations challenges
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Internal Communications and .
Which entities were affected by each incident ?
Incident : Hack-and-Leak Operation EXX000120924
Entity Name: Exxon
Entity Type: Corporation
Industry: Energy
Data Breach Information
What type of data was compromised in each breach ?
Incident : Hack-and-Leak Operation EXX000120924
Type of Data Compromised: Internal communications
Data Exfiltration: Internal communications about litigation
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an DCI Group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Internal communications about litigation and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Internal communications about litigation.
.png)
Latest Global CVEs (Not Company-Specific)
Description
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Description
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
Risk Information
cvss4
Base: 9.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
Risk Information
cvss2
Base: 5.8
Severity: LOW
AV:N/AC:L/Au:M/C:P/I:P/A:P
cvss3
Base: 4.7
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
Risk Information
cvss2
Base: 5.1
Severity: HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
cvss3
Base: 5.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
cvss4
Base: 2.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=exxonmobil' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
