A recent Dell data breach has been linked to a threat actor who claims to have stolen the data of 49 million customers by exploiting a company portal for almost three weeks. The hacker, known as Menelik, revealed that he managed to extract names, postal addresses, and other data related to Dell product purchases by brute-forcing customer service tags after setting up partner accounts within the portal. Menelik stated that he sent over 5,000 requests per minute to access sensitive information, ultimately accumulating nearly 50 million requests undetected by Dell.
Despite the massive scale of the data breach, Dell has reassured customers that there is no significant risk to them. However, the stolen data could potentially be used for malicious purposes if it falls into the wrong hands. Menelik disclosed his methods to TechCrunch, explaining how he flew under the radar for weeks before notifying Dell of the vulnerability. It took Dell nearly a week to patch up the security flaw after being alerted by the hacker.
Upon receiving Menelik’s email detailing the breach, Dell acknowledged the criminal activity and promptly involved law enforcement to investigate the incident. While the company remains tight-lipped about the ongoing investigation, there is a concern that some customers who were not affected by the breach may have received erroneous notifications about their data being compromised. TechCrunch assisted Menelik in cross-referencing customer names and service tags to verify the stolen data, revealing discrepancies between those affected and those unscathed.
The breach highlights the vulnerabilities present in corporate portals and the importance of robust cybersecurity measures to prevent unauthorized access to sensitive customer information. Dell’s response to the breach emphasizes the need for prompt detection and mitigation of security threats to safeguard customer data. As the investigation unfolds, authorities are working to identify the perpetrator behind the breach and hold them accountable for their actions.
In light of this incident, businesses are urged to strengthen their cybersecurity defenses and monitor their systems for any suspicious activities. Proactive measures, such as regular security audits and employee training, can help prevent similar breaches in the future and protect customer data from falling into the hands of malicious actors. The repercussions of the Dell data breach serve as a stark reminder of the risks posed by cyber threats and the importance of vigilance in safeguarding sensitive information.
English 
Albanian 
Serbian 
Croatian 