Hacker Claims Massive Data Breach of Dell Customer Records

Hacker Claims Massive Data Breach of Dell Customer Records

Todd Faulk Todd Faulk
Published on: May 14, 2024

A hacker known as Menelik claims to have stolen 49 million records of customer purchases over the last seven years from Dell Technologies, one of the largest technology companies in the US. Menelik is evidently offering the database for sale on the dark web, although Dell says the information taken is likely to be of little use to any phishing campaign.

Dell confirmed to United Press International (UPI) on May 13 that a hacker had indeed gained access to a database containing “limited types of customer information,” namely customer names and physical mailing addresses, and some hardware and order information.

“It did not include financial or payment information, email address, telephone number or any highly sensitive customer data,” Dell told UPI in an email statement.

“Upon discovering this incident, we promptly implemented our incident response procedures, applied containment measures, began investigating and notified law enforcement,” Dell added.

Dell has a cybersecurity program that draws support from forensic specialists and that is designed to limit the risk to the data of its customers and partners. The program includes a “prompt assessment and response” to cyber threats.

Part of Dell’s response was to send an email on May 9 to all customers and partners notifying them of the data breach. The company said in its email that “we continue to monitor the situation and take steps to protect our customers’ information. Although we don’t believe there is significant risk to our customers given the type of information involved, we are taking proactive steps to notify them as appropriate.”

The hacker Menelik told the website TechCrunch that he was able to get into Dell’s IT systems by first signing up as a partner that resells Dell products and services — a process that involves little to no verification. Once a “partner,” Menelik says he was able to collect the customer information by brute-forcing customer databases with access requests over a period of three weeks. He says he sent Dell databases 50 million requests without the company noticing.

After compiling the customer database, Menelik says he notified Dell’s IT managers of what he was able to do, and that it took Dell a week to patch the holes. Dell denied Menelik’s claims.

Source of Article