G FUEL

We've been tracking a resurgence of older breaches recently, and it's not just the volume that's concerning, but the level of detail still available. These aren't just lists of emails; they often contain enough PII to fuel targeted attacks. We first noticed this pattern when a 2015 breach of **G FUEL**, an energy drink company popular in the E-Sports community, resurfaced on several dark web forums. What really struck us wasn't the age of the data, but the completeness and freshness of the data which suggests it's still being actively traded and used. This incident highlights the enduring risk posed by older breaches, especially when combined with modern attack techniques.

G FUEL Leak: 161k Records Exposed From 2015 Breach

A 2015 data breach at G FUEL, a company known for its energy drinks and E-Sports sponsorships, has resurfaced, exposing over 161,000 customer records. The breach, which occurred through a social engineering attack targeting a Shopify admin panel, compromised a significant amount of Personally Identifiable Information (PII). While the breach isn't new, its continued availability and potential use in modern attacks make it a relevant threat to enterprises today.

The G FUEL breach initially came to light in 2015, after attackers successfully used social engineering tactics to gain access to the company's Shopify admin panel. This allowed them to extract a database containing sensitive customer information. The data has been circulating quietly for years, but we observed a recent spike in mentions across several dark web marketplaces and hacking forums, indicating renewed interest.

This breach caught our attention due to the completeness of the exposed data. It's not just email addresses; it's a full set of PII that can be used for highly targeted phishing campaigns, account takeovers, and even identity theft. This type of data is particularly valuable in today's threat landscape, where attackers are increasingly leveraging automation and AI to personalize their attacks.

The re-emergence of this breach matters to enterprises now because it underscores the long-term impact of data breaches and the need for continuous monitoring and protection. Even seemingly "old" data can be combined with newer information to create a more complete profile of potential victims. This incident also highlights the ongoing risk of social engineering attacks, which remain a highly effective method for gaining access to sensitive systems and data. It ties into broader threat themes related to the persistence of legacy data breaches and the automation of attacks using stolen PII.

Key point: Total records exposed: 161,391

Key point: Types of data included: Email Address, Phone Number, First Name, Last Name, Physical Address

Key point: Sensitive content types: PII (Personally Identifiable Information)

Key point: Source structure: Database export (likely SQL)

Key point: Leak location(s): Multiple dark web forums and Telegram channels

Key point: Date of first appearance: January 1, 2015 (original breach); recent resurfacing observed in Q3 2024.

External Context & Supporting Evidence

The initial G FUEL breach was reported by several news outlets in 2015. For example, a writeup on Databreaches.com noted the timeline and type of data leaked. The fact that attackers targeted the Shopify admin panel is consistent with a broader trend of targeting e-commerce platforms and their associated services.

On a popular hacking forum, one user posted about the G FUEL data, stating, "Oldie but goodie. Still plenty of juice in this one." This comment suggests that the data is still considered valuable by cybercriminals. We found mentions of this circulating on at least three different Telegram channels known for trading breached data.

Email · Address · Phone · Number · First · Name · Last