Threat actor scraped Dell support tickets, including customer cellphone numbers

The person who claimed to have stolen the physical addresses of 49 million Dell customers appears to have taken more data from a different Dell portal, information.killnetswitch has learned.

The newly compromised data includes names, cellphone numbers and email addresses of Dell customers. This personal data is contained in customer “service reports,” which also include information on replacement hardware and parts, comments from on-site engineers, dispatch numbers and, in some cases, diagnostic logs uploaded from the customer’s computer.

Several reports seen by information.killnetswitch contain pictures apparently taken by customers and uploaded to Dell when seeking technical support. Some of these pictures contain metadata revealing the precise GPS coordinates of the location where the customer took the photos, according to a sample of the scraped data obtained by information.killnetswitch.

information.killnetswitch has confirmed that the customers’ personal information appears genuine.

This is the second disclosure of exposed Dell customer data in as many weeks. Last week, Dell notified customers that it had experienced a data breach, saying in an email that the technology giant was investigating “an incident involving a Dell portal, which incorporates a database with restricted forms of buyer info associated to purchases from Dell.”


The stolen data included customer names and physical addresses, as well as less sensitive data, such as “Dell hardware and order info, together with service tag, merchandise description, date of order and associated guarantee info.”

Dell downplayed the breach at the time, saying that the spill of customer addresses did not pose “a major threat to our prospects,” and that the stolen information did not include “any extremely delicate buyer info,” such as email addresses and cellphone numbers.

A person who goes by the online handle Menelik claimed responsibility for both data breaches. In an interview with information.killnetswitch, Menelik provided a sample of the data he stole, which allowed information.killnetswitch to verify that the data was legitimate. Menelik also provided copies of emails he sent to Dell, and the company confirmed to information.killnetswitch that it received an email about the data breach from Menelik.

Now, it appears Menelik found another flaw in another Dell portal, which allowed him to scrape more customer data.


“I did discover one thing for e-mail and cellphone quantity knowledge,” Menelik told information.killnetswitch. “However I’m not going to do something with it but. I wish to see how Dell responds to present subject. [sic]”

Dell did not respond to information.killnetswitch’s request for comment.

Menelik said that he had scraped the data of around 30,000 U.S. customers, and said that the issues he is exploiting are similar to the bugs that allowed him to obtain the first round of 49 million customer records. But this second vulnerability prevents him from collecting the data as quickly as during the first breach.

As information.killnetswitch first reported, in the first breach Menelik said he was able to scrape Dell customers’ data from a portal where he registered a number of accounts as a “associate,” meaning he pretended to run companies that resell Dell products or services. Once Dell approved his requests, Menelik said he was able to brute-force customer service tags, which are made up of seven digits of only numbers and consonants.


Menelik posted an advertisement on a well-known hacking forum attempting to sell the data. As of the writing of this article, the listing has been deleted, and Menelik said it is because he sold the data, although he declined to say for how much.

Asked what he plans to do with the new data, Menelik said that he hasn’t decided yet.

Given that some of the scraped data contains personal information on customers in the European Union, information.killnetswitch reached out to Ireland’s national data protection authority, which did not immediately respond to a request for comment.

Contact Us

Do you know more about this Dell hack? Or similar data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You can also contact information.killnetswitch via SecureDrop.
