A recent data breach against PC maker Dell has been attributed to a hacker who goes by the name Menelik. Menelik has claimed responsibility for not one, but two separate attacks on Dell’s online portals, resulting in the theft of sensitive customer information. The first attack targeted a portal through which Menelik was able to steal customer names, physical addresses, and order information. In a subsequent attack just days later on a different portal, Menelik managed to obtain customer names, phone numbers, and email addresses.

In the initial attack, which affected approximately 49 million Dell customers, Menelik described the method he used to gain access to the portal. By registering with different names for Dell resellers on the specific portal, Menelik was able to exploit a vulnerability and brute-force the seven-digit customer service tags. This allowed him to access sensitive information with ease. Despite sending thousands of requests per minute for nearly three weeks, Dell failed to detect the breach until Menelik notified them himself. It took Dell nearly a week to patch up the vulnerability after being alerted by the hacker.

Following the data breaches, Dell confirmed to TechCrunch that they had indeed been compromised, with Menelik claiming credit for the attacks. While Dell did not disclose whose physical addresses were compromised, it was discovered that the addresses belonged to businesses buying products for remote workers and consumers ordering products for personal use.

As for the stolen records, Menelik admitted to posting an ad on a dark web hacking forum in an attempt to sell the data. The hacker later revealed that he had successfully sold the data but did not disclose the price at which it was sold.

In the second attack, Menelik targeted another portal and managed to acquire customer names, phone numbers, email addresses, and Dell service reports. These reports contained detailed information on replacement hardware, dispatch numbers, and diagnostic logs uploaded from customer PCs. Approximately 30,000 Dell customers in the US were affected by this breach. While the methods used in the second attack were similar to those in the first, Menelik encountered difficulties in stealing data as quickly as before.

Data breaches and cyberattacks have become commonplace, highlighting the vulnerabilities in companies’ security measures and the risks of storing sensitive information online. In light of these incidents, individuals are advised to take proactive steps to protect themselves from potential breaches:

1. Set up a strong password: Using a password manager to generate and store complex passwords can help enhance security.
2. Use two-factor authentication: Enable 2FA on your accounts to add an extra layer of protection.
3. Stay vigilant for scams: Be wary of phishing attempts and spoofing scams targeting your personal information.
4. Monitor your credit: Regularly check your credit reports and consider freezing your credit to prevent identity theft.

As cyber threats continue to evolve, it is crucial for individuals to prioritize cybersecurity measures to safeguard their personal information and mitigate the risks of data breaches.

Source link