Massive Dell data breach hits 49 million users — what this means for your privacy and security

Computer maker Dell faced a huge security challenge after a cyber-attack stole information for approximately 49 million customers. Dell confirmed that the type of information stolen includes people’s names, postal addresses, and Dell hardware and order information, such as service tags, item descriptions, order dates, and different warranty information.

Credit: Dell

 

What happened: A Breakdown of the incidents

Menelik, the threat actor behind the attack, openly told TechCrunch how he extracted such a huge amount of data from Dell without being detected.

Menelik set up several partner accounts within the Dell company portal which, when approved, allowed the hacker to use a brute-force attack to access customer data. A brute-force attack consists of an attacker submitting many passwords or passphrases hoping to eventually guess correctly.

The hacker sent more than 5,000 requests per minute to the page for nearly 3 weeks, and Dell did not notice anything. After sending nearly 50 million requests and scraping enough data, Menelik sent multiple emails to Dell, notifying the company of the vulnerability. It took Dell nearly a week to patch it all up, according to the hacker. Dell confirmed to TechCrunch that they received the hacker’s email notification of the vulnerability.

Credit: Dell

 

MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS  

 

How Dell responded to the data breach

Dell sits as the number three PC vendor in the world following Lenovo and HP, and the affected accounts represent a small fraction of their user base. The company communicated this statement to affected users:

We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved.

We reached out to Dell and a representative for the company provided us with this statement,

Dell Technologies has a cybersecurity program designed to limit risk to our environments, including those used by our customers and partners. Our program includes prompt assessment and response to identified threats and risks. We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address, and certain Dell hardware and order information.  It did not include financial or payment information, email address, telephone number or any highly sensitive customer data. Upon discovering this incident, we promptly implemented our incident response procedures, applied containment measures, began investigating, and notified law enforcement. Our investigation is supported by external forensic specialists. We continue to monitor the situation and take steps to protect our customers’ information.  Although we don’t believe there is significant risk to our customers given the type of information involved, we are taking proactive steps to notify them as appropriate.

Credit: Dell

 

WHAT A MASSIVE HEALTHCARE CYBERATTACK AT ASCENSION MEANS FOR YOUR PRIVACY AND SECURITY  

 

What this means for your privacy and security

There’s no immediate aftermath of this data leak. Dell believes the risk to its customers is not significant since financial and payment information, email addresses, and phone numbers were not stolen in this attack. However, the risk of phishing or even major malware and ransomware attacks still exists. The threat actors might try sending personalized letters with infected drives, a tactic seen before.

There’s a good chance this data leak has already been sold on the dark web. The hacker posted the information for sale on the dark web and then took it down quickly, which often happens when someone buys the whole database. If you’re a Dell customer who bought hardware between 2017 and 2024, be very careful about any messages you get in the mail claiming to be from Dell, especially if they ask for personal information.

 

OVER HALF A MILLION ROKU ACCOUNTS COMPROMISED IN SECOND CYBER SECURITY BREACH

 

Credit: Dell

 

7 proactive measures to take to protect your data

In the wake of the cyberattack on Dell, consider taking several proactive steps to protect your personal information:

1) Change your passwords: Although Dell says your personal details like phone number and email address haven’t been leaked, it’s still advisable to change the password of your Dell account if you have one. Consider using a password manager to generate and store complex passwords.

2) Avoid tech support phone scams: Since the hackers have your data, they may try to get in touch with you, posing as a Dell employee. Always verify if the tech support person you’re talking to actually works for Dell. Be skeptical about all unsolicited phone calls, and don’t provide any personal information.

3) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

4) Report any suspicious activity: If you notice any suspicious activity related to your Dell accounts or purchases, report them to security@dell.com. This may include unauthorized purchases, unusual login attempts, or changes in account information.

5) Monitor your accounts and transactions: You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

6) Use identity theft protection: Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

Special for CyberGuy Readers:  Save up to 52% with my top recommendation is Identity Guard.

See my tips and best picks on how to protect yourself from identity theft.

Best identity theft protection services 2024

7)  Invest in personal data removal services: While no service guarantees complete data removal from the internet, utilizing a removal service can be beneficial for those seeking to monitor and automate the deletion of their personal information from numerous sites over time. Check out my top recommendations for removal services here.

Best services for removing your personal information from the Internet

 

 

Kurt’s key takeaways

Dell’s recent data leak highlights the lapse in the computer maker’s security infrastructure. The attackers being inside the network for an extended period is especially troubling. Given Dell’s role in providing hardware and software solutions, including backup and recovery tools, for critical infrastructure, a thorough investigation into their code and supply chain for signs of tampering is crucial. Dell is working with law enforcement and third-party security experts to investigate the incident, so that’s a step in the right direction.

Have you adjusted your online behavior or preferences due to concerns about data privacy and security breaches? Let us know in the comments below. 

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Best last minute holiday gifts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you