Hackers claim to have collected 49 million Dell customer addresses before the company discovered the breach
01:01 11/05/2024
3 minutes of reading
A hacker calling himself Menelik claimed he stole the data of 49 million Dell customers. Menelik claims to have illegally accessed an online Dell portal and stolen customer data, including home addresses, directly from Dell’s servers.
Techlade has verified that a portion of the stolen data matches Dell customer records.
On Thursday, Dell sent an email to customers informing them that they had suffered a data breach, which included customer names, home addresses, and Dell order information.
In an attempt to downplay the incident, Dell wrote in an email that “we believe the risk to our customers is low due to the nature of the information that was taken,” implying that they do not consider customer addresses to be “highly sensitive” information.
This hacker claimed to have registered under various names as a “partner” on a specific Dell portal. According to him, a “partner” is a company that resells Dell products or services. After Dell approved his partner account, Menelik said he had brute-forced customer service cards, which were seven digits long and consisted only of numbers and consonants. He also stated that “any type of partner” could access the portal he had been granted access to.
Menelik, a security expert revealed that he had successfully infiltrated Dell’s systems for nearly 3 weeks, stealing 50 million sensitive data. He did this by sending more than 5,000 requests per minute to Dell’s website containing sensitive information. Although the attack took place over a long period of time, Dell did not detect it.
He shared screenshots of some of the emails he sent in mid-April, also saying that at some point he stopped stealing data and did not get the entire customer database. A Dell spokesperson confirmed to Techlade that the company received the attacker’s email.
The attacker listed Dell customers’ stolen databases on a popular hacking forum. The listing on the forum was first reported by Daily Dark Web .
Techlade confirmed that the attacker had legitimate Dell customer data by sharing some of the names and service tags of customers – with their permission – who received breach notification emails from Dell . In one case, an attacker found a customer’s personal information by searching for his name in stolen records. In another case, he was able to find another victim’s corresponding profile by searching for a specific hardware service tag from her order.
In other cases, Menelik was unable to find information and said he did not know how Dell identified affected customers. “Checking by the name you provided, it appears they sent this email to unaffected customers,” the attacker said.
Dell has not yet clarified to whom the home address belongs. Techlade’s analysis of a sample of the stolen data shows addresses that appear to be related to the original purchaser of the Dell device, such as a business making purchases for remote workers. In cases where consumers purchased directly from Dell, Techlade discovered that many of those home addresses also corresponded to the consumer’s home address or other location to which they had requested delivery.
Dell did not refute our findings when asked for comment.
When Techlade sent a series of specific questions to Dell based on what the attacker said, an anonymous company spokesperson said “prior to receiving the attacker’s email, Dell was aware of it and was investigating incidents, implement response procedures and take preventive steps.” Dell provides no evidence for this claim.
It should be noted that cyberattacks are against the law and we have reported the incident to the authorities. At this time, we will not release any information that could impact our ongoing investigation or other investigations conducted by authorities.
Keywords:
Related articles
Palm Mini 2 Ultra: Máy tính bảng mini cho game thủ
Robot with smart grip
NASA’s goal of conquering the Sun
Apple launches a new feature that makes it easier to use your phone while sitting on vehicle
Google Photos launches smart search feature “Ask for photos”
Roku streams live MLB baseball games for free
Gun detection AI technology company uses Disney to successfully persuade New York
Hackers claim to have collected 49 million Dell customer addresses before the company discovered the breach
Thai food delivery app Line Man Wongnai plans to IPO in Thailand and the US in 2025
Google pioneered the development of the first social networking application for Android
AI outperforms humans in gaming: Altera receives investment from Eric Schmidt
TikTok automatically labels AI content from platforms like DALL·E 3
Dell’s data was hacked, revealing customers’ home address information
Cracking passwords using Brute Force takes more time, but don’t rejoice!
US lawsuit against Apple: What will happen to iPhone and Android?
The UAE will likely help fund OpenAI’s self-produced chips
AI-composed blues music lacks human flair and rhythm
iOS 17: iPhone is safer with anti-theft feature
Samsung launches 2024 OLED TV with the highlight of breakthrough anti-glare technology
REGISTER
TODAY
Sign up to get the inside scoop on today's biggest stories in markets, technology delivered daily.
By clicking “Sign Up”, you accept our Terms of Service and Privacy Policy. You can opt out at any time.
5
s
Comment (0)