Dell customers are facing potential privacy concerns after a hacker claims to have accessed and downloaded personal information from the company’s portal.
Hacker Explains Exploit Method
The individual claiming responsibility, known online as Menelik, spoke to TechCrunch about how they allegedly breached Dell’s system. Menelik says they:
- Registered for multiple “partner” accounts on a Dell portal – these accounts are typically for businesses that resell Dell products.
- Brute-forced access to customer service tags – these unique identifiers are seven digits long and consist only of numbers and consonants.
- Exploited a vulnerability that allowed them to scrape vast amounts of data – Menelik claims to have sent over 5,000 data requests per minute for weeks before Dell noticed.
Menelik also shared screenshots with TechCrunch showing they contacted Dell in mid-April to report the vulnerability. It reportedly took the company nearly a week to address the issue.
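A defender-side view of the activity described above, as an added example that is not from the article, Dell or TechCrunch: a sliding-window check over portal lookup logs that flags a partner account either for looking up too many distinct service tags per minute or for a high share of failed lookups. The log format, account names, tag values, thresholds and the use of status 404 for an unknown tag are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60       # sliding window length
MAX_DISTINCT_TAGS = 300   # assumed ceiling on distinct tags per account per window
MAX_MISS_RATIO = 0.5      # assumed: guessed tags mostly do not exist
MIN_SAMPLE = 20           # do not judge the miss ratio on fewer lookups than this

def parse(line):
    """Parse one 'epoch account tag status' record (constructed log format)."""
    ts, account, tag, status = line.split()
    return int(ts), account, tag, int(status)

def detect(lines):
    """Return {account: reason} for accounts that cross a limit in any window."""
    recent = defaultdict(deque)   # account -> (ts, tag, status) inside the window
    flagged = {}
    for line in lines:
        ts, account, tag, status = parse(line)
        q = recent[account]
        q.append((ts, tag, status))
        while q[0][0] <= ts - WINDOW_SECONDS:   # drop records older than the window
            q.popleft()
        if account in flagged:
            continue
        distinct = {t for _, t, _ in q}
        misses = sum(1 for _, _, s in q if s == 404)
        if len(distinct) > MAX_DISTINCT_TAGS:
            flagged[account] = "volume"
        elif len(q) >= MIN_SAMPLE and misses / len(q) > MAX_MISS_RATIO:
            flagged[account] = "miss-ratio"
    return flagged

def sample_log():
    """Constructed records: an ordinary partner, a bulk scraper, a slow guesser."""
    lines = [f"{1000 + i * 20} partner-a TAG{i:04d} 200" for i in range(5)]
    lines += [f"{1000 + i // 10} partner-b TAG{i:04d} 200" for i in range(600)]
    lines += [f"{1000 + i * 2} partner-c TAG{9000 + i} "
              f"{200 if i % 5 == 0 else 404}" for i in range(30)]
    return sorted(lines, key=lambda l: int(l.split()[0]))

if __name__ == "__main__":
    for account, reason in detect(sample_log()).items():
        print(account, reason)
```

The miss-ratio rule matters because an account that guesses tags slowly stays under any volume ceiling, while a legitimate reseller looking up tags it already holds rarely misses.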
Dell Confirms Breach, Downplays Risk
On Thursday, Dell sent an email to affected customers acknowledging the data breach. The email stated that compromised information included customer names, physical addresses, and Dell order details. However, Dell downplayed the severity of the breach, suggesting this information is not “highly sensitive.”
TechCrunch Verifies Stolen Data
TechCrunch conducted its own investigation and verified the legitimacy of the hacker’s claims. They were able to confirm the accuracy of stolen customer data shared by Menelik, including names and service tags, which matched information from customers who received Dell’s breach notification email.
Unanswered Questions Remain
While Dell has confirmed the breach, several questions remain unanswered:
- Extent of the Breach: Menelik claims they stopped scraping data before obtaining the entire database. Dell hasn’t clarified how many customers were impacted.
- Identification of Affected Customers: Dell hasn’t explained how they determined which customers received breach notification emails. Menelik suggests some recipients might not be affected at all.
- Dell’s Response Timeline: Dell claims to have been investigating the incident before receiving the hacker’s email. However, TechCrunch couldn’t verify this claim, and the time it took to address the vulnerability raises questions about Dell’s initial response.
Law Enforcement Involvement
Dell has confirmed that they notified law enforcement about the incident.
What Dell Customers Should Do
While Dell hasn’t offered specific advice yet, it’s generally recommended to be cautious in the coming weeks. Be wary of phishing attempts that might exploit this data breach. Don’t click on suspicious links or attachments in emails, and avoid unsolicited calls or messages claiming to be from Dell.
Developing Story
This story is still unfolding. As Dell releases more information, we’ll update this article with details about the impact of the breach and any recommended actions for affected customers.