Info@NationalCyberSecurity
Info@NationalCyberSecurity

Dell Confirms Database Hacked—Hacker Says 49 Million Customers Hit | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


If you, like me, have received an email from Dell that didn’t go directly to your spam folder, you might already know that the technology hardware giant has suffered a security breach. I highly recommend that all Dell customers check their spam for an email with the subject “An important message about your Dell information.” Here’s what is known so far.

ForbesNew FBI Warning As Hackers Strike: Email Senders Must Do This 1 Thing

The Dell Breach Notification Email

An emailed data breach notification from Dell arrived in my inbox late on the evening of 9 May. It went straight into my email purgatory where messages that need a second look before being sent to the trash go. I always check this folder each morning, and there it was. Titled ‘An important message about your Dell information’ and commencing with a cheery hello, the email soon took a more worrisome tone. Once you get beyond the mandatory we take your privacy seriously stuff, the email hits hard with “We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.”

The email continues with quite a lot of not very much, truth be told. It’s the early days of an incident investigation, which is ongoing, so that isn’t altogether surprising. More so is the declaration from Dell that it believes “there is not a significant risk to our customers given the type of information involved.” That information, as far I know so far, is limited to name, physical address, Dell hardware and order information that includes service tag, item description, date of order and related warranty information.”

Real-World Risk Is Very Real Despite Dell Protestations

According to a posting on a hacker forum as reported by the Daily Dark Web a threat actor was trying to sell alleged stolen data from a Dell breach late in April. That for-sale notice stated that the hacked database contained “49 million customer records from Dell” and included data on systems purchased between 2017 and 2024.I’d say that comprises quite a significant risk, of targeted phishing attempts at least. It’s the perfect kind of information that anyone posing as a Dell representative could use to trick users into clicking links and being set up for credential theft.

ForbesDropbox Warns Hacker Accessed Customer Passwords And 2FA Data

Thankfully, however, Dell said that no financial or payment information was included on this database, nor email addresses and telephone numbers. Dell has advised worried customers to immediately report any suspicious activity related to their Dell accounts or purchases to their security team using email.

A Dell spokesperson provided me with the following statement: “Dell Technologies has a cybersecurity program designed to limit risk to our environments, including those used by our customers and partners. Our program includes prompt assessment and response to identified threats and risks. We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address, and certain Dell hardware and order information. It did not include financial or payment information, email address, telephone number or any highly sensitive customer data. Upon discovering this incident, we promptly implemented our incident response procedures, applied containment measures, began investigating, and notified law enforcement. Our investigation is supported by external forensic specialists. We continue to monitor the situation and take steps to protect our customers’ information. Although we don’t believe there is significant risk to our customers given the type of information involved, we are taking proactive steps to notify them as appropriate.”

The spokesperson also told me that “As far as numbers go, we are not disclosing this specific information from our ongoing investigation.”

——————————————————–


Click Here For The Original Story From This Source.

.........................

National Cyber Security

FREE
VIEW