Dell Confirms Data Breach Exposed Customer Details To Hackers, Millions Affected
In a data breach notification email that went out yesterday, Dell explained that it was “currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.” This customer information included details such as names, physical addresses, and Dell hardware that was ordered. It is stressed that this information does not include emails, phone numbers, or any financial information, which could increase the harm from this data breach, according to the email shared with BleepingComputer.
Curiously, at the tail end of April, Daily Dark Web spotted a threat actor claiming to have a database of 49 million Dell customers' information, including names, addresses, and order information, which Dell has reported. It is still unclear how this data was obtained, but we suspect it is a data scraping ordeal with a utility such as Dell’s order support platform. However, we must wait and see what Dell confirms or denies in the coming days.
Despite not having much actionable information, a threat actor could still use what was gathered from the breach maliciously. Using serial numbers and order information, a threat actor could mail out malicious USBs to try and trick customers into plugging them in and installing malware inadvertently, to name just one example. As such, be on the lookout for any odd mail coming from “Dell” and, if you are in doubt, do not hesitate to reach out to Dell customer support proper.