Hackers claim to have collected 49 million Dell customer addresses before the company discovered the breach
01:01 11/05/2024
3 phút đọc
A hacker calling himself Menelik claimed he stole the data of 49 million Dell customers. Menelik claims to have illegally accessed an online Dell portal and stolen customer data, including home addresses, directly from Dell’s servers.
Techlade has verified that a portion of the stolen data matches Dell customer records.
On Thursday, Dell sent an email to customers informing them that they had suffered a data breach, which included customer names, home addresses, and Dell order information.
In an attempt to downplay the incident, Dell wrote in an email that “we believe the risk to our customers is low due to the nature of the information that was taken,” implying that they do not consider customer addresses to be “highly sensitive” information.
This hacker claimed to have registered under various names as a “partner” on a specific Dell portal. According to him, a “partner” is a company that resells Dell products or services. After Dell approved his partner account, Menelik said he had brute-forced customer service cards, which were seven digits long and consisted only of numbers and consonants. He also stated that “any type of partner” could access the portal he had been granted access to.
Menelik, a security expert revealed that he had successfully infiltrated Dell’s systems for nearly 3 weeks, stealing 50 million sensitive data. He did this by sending more than 5,000 requests per minute to Dell’s website containing sensitive information. Although the attack took place over a long period of time, Dell did not detect it.
He shared screenshots of some of the emails he sent in mid-April, also saying that at some point he stopped stealing data and did not get the entire customer database. A Dell spokesperson confirmed to Techlade that the company received the attacker’s email.
The attacker listed Dell customers’ stolen databases on a popular hacking forum. The listing on the forum was first reported by Daily Dark Web .
Techlade confirmed that the attacker had legitimate Dell customer data by sharing some of the names and service tags of customers – with their permission – who received breach notification emails from Dell . In one case, an attacker found a customer’s personal information by searching for his name in stolen records. In another case, he was able to find another victim’s corresponding profile by searching for a specific hardware service tag from her order.
In other cases, Menelik was unable to find information and said he did not know how Dell identified affected customers. “Checking by the name you provided, it appears they sent this email to unaffected customers,” the attacker said.
Dell has not yet clarified to whom the home address belongs. Techlade’s analysis of a sample of the stolen data shows addresses that appear to be related to the original purchaser of the Dell device, such as a business making purchases for remote workers. In cases where consumers purchased directly from Dell, Techlade discovered that many of those home addresses also corresponded to the consumer’s home address or other location to which they had requested delivery.
Dell did not refute our findings when asked for comment.
When Techlade sent a series of specific questions to Dell based on what the attacker said, an anonymous company spokesperson said “prior to receiving the attacker’s email, Dell was aware of it and was investigating incidents, implement response procedures and take preventive steps.” Dell provides no evidence for this claim.
It should be noted that cyberattacks are against the law and we have reported the incident to the authorities. At this time, we will not release any information that could impact our ongoing investigation or other investigations conducted by authorities.
Bài viết liên quan
Trải nghiệm hình ảnh độc đáo với “Portal” tại tòa nhà văn phòng Seattle
Robot với khả năng cầm nắm thông minh
Meta chặn liên kết đến hồ sơ bị hack của JD Vance trên Threads, Instagram và Facebook
Microsoft ra mắt ứng dụng Windows cho mọi thiết bị
Thống đốc California ký luật hạn chế sử dụng AI tạo bản sao diễn viên
Giờ bạn có thể dùng chiếc điện thoại iphone bất kì để khôi phục lại iphone 16
iOS 18: Trải nghiệm mượt mà, tùy biến đỉnh cao
AI trở thành ‘kẻ phá bĩnh’ trong cuộc đua tìm ra ‘Người nổi tiếng số 6’
Công nghệ AI cảnh báo sớm ung thư da
Tính năng mới của Apple mở ra tương lai cho kính thông minh
Cha đẻ Flappy Bird phủ nhận việc liên quan đến game mới
Apple điều chỉnh giá thay pin iPhone 16 Pro lên cao
TikTok đứng trước thử thách pháp lý lớn
Iphone 16 chính thức có 8GB RAM
Google mang giao diện desktop lên máy tính bảng Android
Pixelbot 3000: Biến ý tưởng AI thành kiệt tác tranh ghép Lego
Nikon Z6 III ra mắt với cảm biến CMOS xếp chồng một phần đầu tiên trên thế giới, giá 2.500 USD
Đối thủ của The Sims – Life by You chính thức bị hủy bỏ
Cổ đông GameStop háo hức chờ họp đại hội sau khi lần đầu bị hoãn vì lượng người tham dự quá đông
ĐĂNG KÝ NHẬN TIN
NGAY HÔM NAY
Đăng ký để nhận thông tin sớm nhất về những câu chuyện nóng hổi hiện nay trên thị trường, công nghệ được cung cấp hàng ngày.
Bằng cách nhấp vào “Đăng ký”, bạn chấp nhận Điều khoản dịch vụ và Chính sách quyền riêng tư của chúng tôi. Bạn có thể chọn không tham gia bất cứ lúc nào.
5
s
Nhận xét (0)