What is the official website of XTO Energy ?

The official website of XTO Energy is http://www.xtoenergy.com.

What is XTO Energy's cybersecurity risk score?

XTO Energy has an AI-generated cybersecurity risk score of 759 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has XTO Energy experienced?

According to Rankiteo, XTO Energy currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has XTO Energy been affected by any supply chain cyber incidents ?

According to Rankiteo, XTO Energy has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does XTO Energy have SOC 2 Type 1 certification ?

According to Rankiteo, XTO Energy is not certified under SOC 2 Type 1.

Does XTO Energy have SOC 2 Type 2 certification ?

According to Rankiteo, XTO Energy does not hold a SOC 2 Type 2 certification.

Does XTO Energy comply with GDPR ?

According to Rankiteo, XTO Energy is not listed as GDPR compliant.

Does XTO Energy have PCI DSS certification ?

According to Rankiteo, XTO Energy does not currently maintain PCI DSS compliance.

Does XTO Energy comply with HIPAA ?

According to Rankiteo, XTO Energy is not compliant with HIPAA regulations.

Does XTO Energy have ISO 27001 certification ?

According to Rankiteo,XTO Energy is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does XTO Energy operate in ?

XTO Energy operates primarily in the Oil and Gas industry.

How many employees does XTO Energy have ?

XTO Energy employs approximately 2,345 people worldwide.

Does XTO Energy own any subsidiaries ?

XTO Energy presently has no subsidiaries across any sectors.

How many LinkedIn followers does XTO Energy have ?

XTO Energy's official LinkedIn profile has approximately 221,714 followers.

What is the NAICS classification code for XTO Energy ?

XTO Energy is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.

Does XTO Energy have a Crunchbase profile ?

No, XTO Energy does not have a profile on Crunchbase.

Does XTO Energy have a LinkedIn profile ?

Yes, XTO Energy maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/xto-energy.

How many cybersecurity incidents has XTO Energy experienced ?

As of June 16, 2026, Rankiteo reports that XTO Energy has experienced 1 cybersecurity incidents.

How many peer or competitor companies does XTO Energy have ?

XTO Energy has an estimated 10,945 peer or competitor companies worldwide.

What types of cybersecurity incidents has XTO Energy faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

XTO Energy

Boost Score +25 with badge (5 left)

759

/1000

Fair

784

/1000

Fair

XTO Energy Vendor Cyber Rating & Cyber Score

xtoenergy.com

Add Your Compliance Badge

XTO Energy Inc., a subsidiary of Exxon Mobil Corporation, is a leading natural gas and oil producer in the U.S. with expertise in developing tight gas, shale gas and unconventional oil resources. XTO has operations in all major U.S. producing regions. XTO has a reputation for efficient resource development, environmental stewardship and community involvement, with a particular commitment to building job readiness to meet the growing challenges and requirements of our domestic natural gas industry.

XTO Energy A.I CyberSecurity Scoring

Scoring History

XTO Energy

XTO Energy CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

XTO Energy

Breach

100

12/2024

EXX000120924

Loading…

A.I.

XTO Energy Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for XTO Energy

Incidents vs Oil and Gas Industry Avg (This Year)

No incidents recorded for XTO Energy in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for XTO Energy in 2026.

Incident Types XTO Energy vs Oil and Gas Industry Avg (This Year)

No incidents recorded for XTO Energy in 2026.

Incident History - XTO Energy (X = Date, Y = Severity)

Loading…

SUBSIDIARY

XTO Energy Subsidiaries

XTO Energy

Oil and Gas

Website: http://www.xtoenergy.com

Company Size: 2,345

ExxonMobilOil and Gas

ExxonMobil LNGOil and Gas

ExxonMobil AviationAviation and Aerospace Component Manufacturing

ExxonMobil India CareersOil and Gas

ExxonMobil BeneluxOil and Gas

North Atlantic FranceOil and Gas

Imperial OilOil and Gas

ExxonMobil BrasilOil and Gas

ExxonMobil ChemicalChemical Manufacturing

ExxonMobil Low Carbon SolutionsOil and Gas

ExxonMobil EuropeOil and Gas

Mobil Lubricants EuropeOil and Gas

ExxonMobil Pipeline CompanyOil and Gas

ExxonMobil GuyanaOil and Gas

ExxonMobil BeaumontOil and Gas

ExxonMobil BasestocksOil and Gas

ExxonMobil Baytown AreaOil and Gas

ExxonMobil SingaporeOil and Gas

ExxonMobil MéxicoOil and Gas

Mobil India 🇮🇳Oil and Gas

ExxonMobil Global Land FuelsOil and Gas

ExxonMobil Baton RougeOil and Gas

ExxonMobil GivingOil and Gas

Mobil 1Motor Vehicle Parts Manufacturing

ExxonMobil FifeChemical Manufacturing

ExxonMobil Proxxima™ Polyolefin Thermoset SystemsChemical Manufacturing

Mobil Lubricants North AmericaOil and Gas

ExxonMobil MarineOil and Gas

ExxonMobil en FranceOil and Gas

Mobil MéxicoPetróleo y gas

ExxonMobil FawleyOil and Gas

ExxonMobil IndonesiaOil and Gas

Mobil IndonesiaOil and Gas

ExxonMobil GermanyErdöl und Gas

埃克森美孚中国 ExxonMobil ChinaOil and Gas

Mobil South Asia PacificOil and Gas

ExxonMobil JolietOil and Gas

ExxonMobil AfricaOil and Gas

Mobil AustraliaOil and Gas

Mobil AutomotiveOil and Gas

ExxonMobil UKOil and Gas

Loading…

XTO Energy Similar Companies

Equinor

equinor.com

We're Equinor, an international energy company with a proud history. Formerly Statoil, we are 20,000 committed colleagues developing oil, gas, wind and solar energy in more than 30 countries worldwide. We’re the largest operator in Norway, among the world’s largest offshore operators, and a growing force in renewables. Driven by our Nordic urge to explore beyond the horizon, and our dedication to safety, equality and sustainability, we’re building a global business on our values and the energy needs of the future. We're the leading operator on the Norwegian continental shelf and have substantial international activities. We are engaged in exploration, development and production of oil and gas, as well as wind and solar power. We sell crude oil and are a major supplier of natural gas, with activities in processing, refining, and trading. Our activities are managed through eight business areas, staffs and support divisions, and we have operations in North and South America, Africa, Asia, Europe and Oceania, and Norway. ______ On this page we encourage you to share your views on energy, sustainability, technology and innovation. We appreciate all feedback, but encourage politeness and a respectful tone. See our full privacy policy here: https://www.equinor.com/about-us/privacy-policy-and-data-protection See our policy for social media here: En: https://www.equinor.com/about-us/social-media#social-media-guidelines

Shell

cb shell.com

Shell is a global group of energy and petrochemical companies, employing 96,000 people across 70+ countries. We serve around 1 million commercial and industrial customers, and around 33 million customers daily at our Shell-branded retail service stations. Our purpose is to power progress together by working with each other, our customers and our partners. #PoweringProgress

Transocean

cb deepwater.com

Transocean is a leading international provider of offshore contract drilling services for oil and gas wells. The company specializes in technically demanding sectors of the global offshore drilling business, with a particular focus on ultra-deepwater and harsh environment drilling services and operates the highest specification floating offshore drilling fleet in the world. Transocean owns or has partial ownership interests in and operates a fleet of 27 mobile offshore drilling units, consisting of 20 ultra-deepwater floaters and seven harsh environment floaters.

NOV

nov.com

NOV delivers technology-driven solutions to empower the global energy industry. For more than 150 years, NOV has pioneered innovations that enable its customers to safely produce abundant energy while minimizing environmental impact. The energy industry depends on NOV’s deep expertise and technology to continually improve oilfield operations and assist in efforts to advance the energy transition towards a more sustainable future. NOV powers the industry that powers the world.

Chevron

chevron.com

Our greatest resource is our people. Their ingenuity, creativity and collaboration have met the complex challenges of energy’s past. Together, we’ll take on the future. We support the LinkedIn Terms of Use (User Agreement), and we expect visitors to our page to do the same. We encourage open, lively conversation with a few simple rules: --We reserve the right to correct factual errors. --We will reply to comments when appropriate. --If we disagree with other opinions, we will do so respectfully. --You may not post anything that is spam or that is abusive, profane, or defamatory toward a person, entity, belief, or symbol. --We will delete any posts that contain personal information such as email addresses, phone numbers and physical addresses, and other third party intellectual property material, when that information does not belong to the author of the post. --You may not post job listings for non-Chevron positions. --While we support lively, open discussion, we reserve the right to delete comments.

PT Pertamina (Persero)

cb pertamina.com

PT Pertamina (Persero) is an Indonesian state-owned enterprise, which is engaged in the integrated energy in Indonesia. Established on December 10, 1957, Pertamina had the experiences in upstream, midstream, downstream and renewable energy sectors for more than 50 years. This is the official LinkedIn Pertamina account and managed by Pertamina. Any other official social media account link in the corporate website Pertamina subsidiaries. Please kindly check the validity of the account. We support the LinkedIn Terms of Use (User Agreement) and encourage open, lively conversation with a few simple rules: -- We reserve the right to correct factual errors. -- We will reply to comments when appropriate. -- If we disagree with other opinions, we will do so respectfully. -- You may not post anything that is spam or that is abusive, profane, or defamatory toward a person, entity, belief, or symbol. More Information : Website www.pertamina.com Layanan E-PPID : http://ptm.id/ePPID_Pertamina Become a fan on Facebook.com/pertamina Check out YouTube.com/pertamina Follow us on Twitter.com/pertamina Likes us on Instagram.com/pertamina

Hindustan Petroleum Corporation Limited

hindustanpetroleum.com

Hindustan Petroleum Corporation Limited (HPCL) is a Maharatna Central Public Sector Enterprise (CPSE) and a S&P Global Platts Top 250 Global Energy Company. HPCL has a strong presence in downstream hydrocarbon sector of the country with a sizable share in petroleum product marketing and also has business footprints across other energy verticals & various overseas geographies.

Oxy

cb oxy.com

Oxy is an international energy company with assets primarily in the United States, the Middle East and North Africa. We are one of the largest oil producers in the U.S., including a leading producer in the Permian and DJ basins, and offshore Gulf of Mexico. Our midstream and marketing segment provides flow assurance and maximizes the value of our oil and gas. Our Oxy Low Carbon Ventures subsidiary is advancing leading-edge technologies and business solutions that economically grow our business while reducing emissions. We are committed to using our global leadership in carbon management to advance a lower-carbon world. Visit oxy.com for more information.

YPF

cb ypf.com

Somos el mayor productor de Oil & Gas de la Argentina, con sólidos resultados y capacidad para llevar adelante los proyectos que convertirán al país en un exportador de energía a nivel mundial. Nuestro objetivo es convertirnos en una empresa no convencional de clase mundial y que Argentina pueda exportar USD 30.000 millones en petróleo y gas para el 2031. Hoy, estamos al frente de los proyectos industriales más ambiciosos del país. Lideramos el Vaca Muerta Oil Sur (VMOS), que potenciará la producción de crudo, y el Argentina LNG, un proyecto de escala global que permitirá exportar gas al mundo. Buscamos constantemente innovación y nuevas tecnologías. Con nuestros Real Time Intelligence Centers, tomamos decisiones más eficientes basadas en datos en tiempo real, aumentando la rentabilidad. Trabajamos por los combustibles del futuro y de calidad internacional. Si te digo un compañía de clase mundial con el corazón que no tiene ninguna otra, decís YPF. Una empresa argentina. #YPFEnergíaArgentina #YPFClaseMundial

Loading…

NEWS

XTO Energy CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

January 26, 2026 08:00 AM

Exclusive: Exxon's XTO unit seeks buyers for select Eagle Ford assets

Oil major Exxon Mobil's subsidiary XTO Energy is seeking buyers for some of its assets in the Eagle Ford shale basin in South Texas,...

Read Article

January 25, 2026 08:00 AM

Exxon’s XTO Unit Explores Sale of Eagle Ford Shale Assets Valued at Over 1 Billion Dollars

Exxon Mobil's shale subsidiary, XTO Energy, is exploring a potential sale of select oil and gas assets in the Eagle Ford basin of South...

Read Article

September 23, 2025 07:00 AM

Chord Energy Acquires $550M in Williston Basin Assets from ExxonMobil Subsidiary XTO Energy

Chord Energy Corporation (NASDAQ:CHRD) is one of the most promising long-term stocks to buy. On September 15, Chord Energy announced that...

Read Article

September 17, 2025 07:00 AM

Chord Energy to Acquire Williston Basin Assets From XTO Energy

CHRD is set to acquire XTO Energy's Williston Basin assets for $550M, boosting production, efficiency and shareholder returns.

Read Article

September 16, 2025 07:00 AM

Chord Energy to acquire XTO Energy’s Williston Basin assets for $550m

Chord Energy has agreed to purchase assets in the Williston Basin from XTO Energy, a subsidiary of Exxon Mobil Corporation, for $550m.

Read Article

February 16, 2023 08:00 AM

Merit Energy Must Defend Revived Sex Bias Suit by Ex-XTO Worker

Merit Energy Co. saw the Eighth Circuit revive a sex discrimination suit brought by a XTO Energy employee it decided not to hire when it...

Read Article

August 26, 2022 07:00 AM

EXCLUSIVE Exxon to sell Arkansas shale gas assets to Flywheel Energy

Exxon Mobil Corp has reached an agreement with Flywheel Energy to sell to the closely held U.S. oil and gas producer natural gas properties...

Read Article

August 26, 2021 07:00 AM

How Cloud Computing is Being Used by ExxonMobil, American Airlines, Samsonite, Forbes, and Discovery+: Business Case Studies

Learn about cloud computing use cases and top vendors for ExxonMobil, American Airlines, Samsonite, Forbes, and Discovery here.

Read Article

December 15, 2009 08:00 AM

Exxon to Acquire XTO Energy in $31 Billion Stock Deal

Exxon Mobil Corp. placed a $31 billion bet that natural gas will play a critical role in the world's future energy needs, saying it would purchase XTO Energy...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…