Dell API Exploitation Led to Breach Affecting 49M Customers

Dell customers need to stay cautious as the vendor admits a data breach impacting them. What makes this breach notable is its root cause, which turns out to be exploitation of a Dell API by a threat actor to scrape customer data.

Dell Data Breach Happened Following Malicious API Exploit

Reportedly, Dell customers suffered a data breach that exposed some of their personal data along with system information about their purchases.

According to the emails sent to its customers (which users also shared on Reddit), the breached data includes customers’ names, physical addresses, and device information. The latter includes the customers’ order information and order date, Dell hardware, service tag, item description, and warranty details. However, the data does not include sensitive information such as financial/payment details, contact numbers, or email addresses.

Alongside sharing this information, Dell assured customers that it had remedied the matter as it deployed the necessary incident response procedures, contained the incident, informed the law enforcement authorities, and conducted forensic investigations.

The firm has not officially confirmed the number of customers impacted by the breach. Nor did the breach notifications sent to customers mention the number of impacted customers or the timespan over which the breach occurred.

However, while the firm seemingly downplayed the incident, the adversaries behind it appear more active. As first reported by the Daily Dark Web a couple of weeks ago, the breach impacted 49 million Dell customers, according to a poster selling the database on the dark web. The database reportedly includes detailed information about customers who purchased Dell systems between 2017 and 2024.

How The Attacker Got Dell Customers’ Data

As the matter gained public attention, it turned out that the breach did not arise from any active intrusion into Dell’s networks. Instead, according to what the data seller “Menelik” told various media outlets, scraping the huge volume of data was made possible by exploiting a Dell API.

Specifically, the flaw existed in Dell’s partner portal, where the adversary registered as a partner. Because the portal’s API enforced no rate limiting, the adversary could query it repeatedly and harvest the data without hindrance, until deciding to stop and inform the company.

However, upon getting no response to his reports, he went ahead and put the stolen data up for sale on the dark web.
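The two controls missing from the scenario above are a per-account rate limit and detection of one account looking up an unusually large number of distinct identifiers. The following is an added example, not Dell’s code or anything from the incident: it replays constructed partner-portal access logs through a sliding-window rate limiter and an enumeration detector. The log format, the `/api/order-lookup` endpoint name, the `partner-A`/`partner-B` accounts and the thresholds are all assumptions made for the illustration.

```python
"""Added example (not Dell's code): per-account rate limiting and
enumeration detection for a lookup-style partner API.
Log format, endpoint name, accounts and thresholds are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed access-log lines: timestamp, account, endpoint, identifier, HTTP status.
# partner-A behaves like a normal partner; partner-B walks through many
# distinct identifiers in a few seconds, the pattern a missing rate limit permits.
SAMPLE_LOGS = """\
2024-03-01T10:00:00Z partner-A /api/order-lookup TAG00001 200
2024-03-01T10:07:30Z partner-A /api/order-lookup TAG00002 200
2024-03-01T10:15:00Z partner-A /api/order-lookup TAG00001 200
2024-03-01T10:20:00Z partner-B /api/order-lookup TAG10001 200
2024-03-01T10:20:01Z partner-B /api/order-lookup TAG10002 200
2024-03-01T10:20:02Z partner-B /api/order-lookup TAG10003 200
2024-03-01T10:20:03Z partner-B /api/order-lookup TAG10004 404
2024-03-01T10:20:04Z partner-B /api/order-lookup TAG10005 200
2024-03-01T10:20:05Z partner-B /api/order-lookup TAG10006 200
2024-03-01T10:20:06Z partner-B /api/order-lookup TAG10007 200
2024-03-01T10:20:07Z partner-B /api/order-lookup TAG10008 200
"""


def parse_log_line(line):
    """Split one constructed log line into a dict with a timezone-aware timestamp."""
    ts, account, endpoint, ident, status = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "account": account,
        "endpoint": endpoint,
        "ident": ident,
        "status": int(status),
    }


def load_events(log_text):
    """Parse and time-order all non-empty log lines."""
    events = [parse_log_line(line) for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["ts"])
    return events


class SlidingWindowLimiter:
    """Per-account sliding-window limiter: at most max_requests per window_seconds."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # account -> timestamps of recent requests

    def allow(self, account, ts):
        q = self._hits[account]
        # Discard timestamps that have aged out of the window.
        while q and (ts - q[0]).total_seconds() >= self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False  # over the limit: the API should reject or throttle this call
        q.append(ts)
        return True


def simulate_limiter(log_text, max_requests=5, window_seconds=60):
    """Replay the log through the limiter; return {account: number of rejected calls}."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    rejected = defaultdict(int)
    for e in load_events(log_text):
        if not limiter.allow(e["account"], e["ts"]):
            rejected[e["account"]] += 1
    return dict(rejected)


def find_enumerating_accounts(log_text, window_seconds=60, max_distinct=5):
    """Return {account: peak number of distinct identifiers looked up within one
    window} for accounts exceeding max_distinct. Counting distinct identifiers
    rather than raw requests keeps a partner re-checking one order from being flagged."""
    per_account = defaultdict(list)
    for e in load_events(log_text):
        per_account[e["account"]].append(e)
    flagged = {}
    for account, evs in per_account.items():
        peak, start = 0, 0
        for end in range(len(evs)):
            # Advance the window start until it fits within window_seconds of evs[end].
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() >= window_seconds:
                start += 1
            distinct = len({e["ident"] for e in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak > max_distinct:
            flagged[account] = peak
    return flagged


if __name__ == "__main__":
    print("rejected by limiter:", simulate_limiter(SAMPLE_LOGS))
    print("enumerating accounts:", find_enumerating_accounts(SAMPLE_LOGS))
```

The limiter is what stops the bulk harvest at the API edge; the detector is the complementary SOC-side check, run over access logs, that surfaces an account whose lookups sweep across many identifiers even when each individual request is authenticated and well-formed. Thresholds in production would be tuned from a baseline of legitimate partner activity.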

What Next?

Although Dell has patched the flaw, as the attacker confirms, the company has not shared any details of its exchanges with him.

While Dell considers the exposed data non-sensitive, Dell purchasers, particularly those receiving the breach notifications, should remain careful, especially if their physical addresses have not changed since the purchase. Likewise, because this data, according to the adversary, could help tech support scammers impersonate Dell, customers should be wary of unsolicited tech support messages or alerts that quote their order or service tag details.

Let us know your thoughts in the comments.
