Source: securityboulevard.com – Author: Richi Jennings
Dark web sale of leaked data exposes Dell users to phishing phraud.
Dell customer data from the past six or more years has been stolen. It looks like scrotes unknown broke into the company support portal and sold scads of personal information to the highest bidder.
Again? In today’s SB Blogwatch, we remember 2016’s similar Dell hack.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Color for kids.
DUDE! You’re Getting Phished.
What’s the craic? Bleeping’s Lawrence Abrams reports: Dell warns of data breach, 49 million customers allegedly affected
“Risky action”
The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal containing customer information related to purchases was breached. … “We believe there is not a significant risk to our customers given the type of information involved.”
…
[And] yet, the stolen information could potentially be used in targeted attacks against Dell customers. [It] does not include email addresses, [but] threat actors could target specific people with physical mailings … that claim to be from Dell asking you to install software, change passwords, or perform some other potentially risky action. If you receive an email or physical mailing, you should instead contact Dell directly to confirm it is legitimate.
The sale of data was spotted last month, by the mysterious DailyDarkWeb: Threat Actor Claims Sale of Dell Database
“Staggering number of records”
The alleged data encompasses information on systems purchased from Dell between 2017 and 2024, comprising a comprehensive repository of customer details. [It] includes vital personal and company information such as full names, addresses, … unique 7-digit service tags of systems, system shipment dates, … warranty plans, serial numbers (for monitors), Dell customer numbers, and Dell order numbers. Notably, the threat actor asserts to be the sole possessor of this data.
…
Among the staggering number of records, approximately 7 million rows pertain to individual/personal purchases, while 11 million belong to consumer segment companies. [It] raises significant concerns regarding the security and privacy of Dell customers’ information, prompting urgent action to mitigate potential risks and prevent further unauthorized access.
What did Dell say in its breach notification? mikos sounds slightly sarcastic:
“The information involved does not include … any highly sensitive customer information.”
Lovely that they don’t consider their customers’ physical address as highly sensitive!
What’s the threat model? unequivocal lives up to the pseudonym:
If naive elderly Dell purchaser (aka my dad) gets a call from “Dell support” about their
Plus, please send us payment via
Ain’t that the truth? GoneFission neatly illustrates the phishy psychology problem here:
Gran doesn’t want to spend $40 to get an external SSD for … backups, but will eagerly pay someone claiming to be a random phone tech support person $2000 to “fix” her computer.
And it’s not only consumers at risk. Here’s Rob Enderle via Jeffrey Burt:
With this information, a hostile actor can effectively steal Dell’s identity and convince a Dell customer they are Dell. Imagine if that customer is an admin, CIO, CEO, or CFO. The damage could be massive.
…
The issue for Dell is that, if Dell can’t protect itself from this kind of problem why would anyone use them to protect themselves? … This is a serious problem for their ability to sell solutions—even though, from what we’ve seen, this could have happened to anyone who underfunded the defense of customer records.
This reminds me of … something. Brian Krebs cycles his déjà vu:
Back in 2016 I wrote a story about Dell customers getting inundated with spam spoofing the company and referencing the recipient’s real name and actual Dell service tag ID for the recipient’s computer. … Today, Dell disclosed a breach involving “a Dell portal.” … I’ve asked Dell when they discovered this and how long they believe the intruders had access.
…
Dell said they recently identified the incident, and that the investigation is ongoing: … “Dell Technologies has a cybersecurity program designed to limit risk to our environments, including those used by our customers and partners.”
Could it have been an inside job? Perhaps, but Joe_Dragon stretches the definition:
Dell has a lot of sub contractors that deal with hardware support. [This] is all info that any number of sub contractors need to have.
How did it happen? This Anonymous Coward claims to be an ex-Dell employee:
Post 2017? So the DellServ system after the migration to … Oracle. Not the historic DellServ running on bespoke code on the redundant pair of Tandem Non-Stops.
…
The hints given are that this was from the support side of the house. … There is a LOT of information to be had there if the hack had time to dig deep.
Dell was recently in the news for insisting its people come back to the office. Which don’t impress JSDevOps much:
wOrKiNg fRoM tHe oFfIcE SoLvEs tHiS /sarc. Utterly gone off Dell lately, which is a shame because I like their hardware. But knowing how management treat staff … I’ll look elsewhere.
Meanwhile, in a similar vein, pokey9000 snarks it up:
I bet their security team would be more effective if they could work remotely.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij or @richi.bsky.social. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image source: Максим Власенко (via Unsplash; leveled and cropped)
Original Post URL: https://securityboulevard.com/2024/05/dell-hack-49-million-richixbw/
Category & Tags: Analytics & Intelligence,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Incident Response,Industry Spotlight,Insider Threats,Most Read This Week,Network Security,News,Popular Post,Securing the Cloud,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Security Operations,Social – Facebook,Social – X,Spotlight,Threat Intelligence,Threats & Breaches,Zero-Trust,Dell,Dell Technologies,Oracle,Oracle cloud,Oracle Cloud infrastructure,SB Blogwatch