Dell has been hit with a cybersecurity breach that could involve some 49 million customer records.
According to reports, the threat actor said he registered under several different names on a particular Dell portal as a “partner,” ostensibly a channel partner reselling Dell equipment and services.
The hacker is said to have stolen the names and physical addresses, and perhaps other personally identifiable information (PII), of customers who reportedly bought Dell equipment between 2017 and 2024.
Late last week, Dell sent an email message to an untold number of customers saying that it was “currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.”
Dell Notifies Customers of Breach
According to several social media posts and TechCrunch, which viewed the email, Dell notified customers that the heist included order information, service tag, item description, date of order and related warranty information.
Those who received the email were advised that the company had undertaken incident response measures, although Dell did not offer any specifics. Dell has not identified whether a bad actor is responsible for the breach.
The lifted information does not include financial or payment information, email address, telephone numbers or any “highly sensitive” customer information, Dell said. The company told customers that receipt of the email means their information was “accessed during this incident” but it denied that there was “significant risk given the limited information impacted.”
However, in an April 29 post, the Daily Dark Web, which first reported the incident, characterized it as more serious. And, according to an Ars Technica report, the hacker claimed to have posted the database housing the records for sale on Breach Forum, an online marketplace for buying and selling stolen information.
Breach Attributed to Brute Force Attack by "Partner"
According to a separate TechCrunch report, the threat actor, who goes by Menelik, claimed to have brute forced a Dell online portal to scrape data from the company’s servers. TechCrunch said it had verified a match between some of the scraped data and Dell customers’ purchase information.
The hacker said he posed as a “partner,” ostensibly a channel partner reselling Dell equipment and services.
“[I] sent more than 5,000 requests per minute to this page that contains sensitive information. Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik told TechCrunch.
“This revelation raises significant concerns regarding the security and privacy of Dell customers’ information, prompting urgent action to mitigate potential risks and prevent further unauthorized access,” the Daily Dark Web said.
Indeed, scammers in possession of data such as that pilfered in the Dell attack could readily sift through other databases to patch together more valuable information.
The report said the hacker claimed he alone possessed the alleged data, including seven million lines of purchases made by individuals or for personal use, and 11 million belonging to consumer companies. Other data relates to enterprise, partner, school, or unidentified entities, the report said.
The threat actor said the countries listed most often in the database are the U.S., China, India, Australia, and Canada.
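The threat actor's account of a high request rate held for weeks without being noticed is the kind of pattern a per-account, sustained-rate check over portal access logs is meant to surface. The following is an added example, not code from Dell or from any of the reports; the log format, the `/lookup` path, the account names and the scaled-down thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ONE_MIN = timedelta(minutes=1)

def flag_sustained_scrapers(lines, path, per_min_limit, sustain_minutes):
    """Return {account: longest_run} for accounts that exceeded per_min_limit
    requests to `path` in at least `sustain_minutes` consecutive minutes."""
    per_account = defaultdict(lambda: defaultdict(int))
    for line in lines:
        # Assumed log format: "<ISO timestamp> <account> <path>"
        ts, account, req_path = line.split()
        if req_path == path:
            minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
            per_account[account][minute] += 1
    flagged = {}
    for account, per_min in per_account.items():
        run = best = 0
        prev_hot = None
        for minute in sorted(per_min):
            if per_min[minute] <= per_min_limit:
                continue  # quiet minute: breaks any run of hot minutes
            # Extend the run only if the previous hot minute is adjacent
            run = run + 1 if prev_hot == minute - ONE_MIN else 1
            prev_hot = minute
            best = max(best, run)
        if best >= sustain_minutes:
            flagged[account] = best
    return flagged

def sample_log():
    """Constructed sample: partner-A stays hot for 5 minutes, partner-B bursts once."""
    start = datetime(2024, 1, 1, 9, 0)
    lines = []
    for m in range(5):
        for s in range(6):
            t = start + timedelta(minutes=m, seconds=s)
            lines.append(f"{t.isoformat()} partner-A /lookup")
    for s in range(6):
        lines.append(f"{(start + timedelta(seconds=s)).isoformat()} partner-B /lookup")
    for m in range(1, 5):
        lines.append(f"{(start + timedelta(minutes=m)).isoformat()} partner-B /lookup")
    return lines

if __name__ == "__main__":
    # Thresholds scaled down for the sample; real values depend on normal partner traffic.
    print(flag_sustained_scrapers(sample_log(), "/lookup", per_min_limit=5, sustain_minutes=3))
```

Alerting on the length of the run rather than on a single busy minute separates a one-off burst from an account that stays above the limit minute after minute.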