Date: 2024-05-11
Threat actor claims to have harvested 49 million Dell customer addresses before the company discovered it
The person who claims to have 49 million Dell customer records told TechCrunch that he breached an online company portal and scraped customer data, including physical addresses, directly from Dell's servers.
TechCrunch has verified that some of the scraped data matches Dell customers' personal information.
On Thursday, Dell sent an email to customers saying the computer maker had suffered a data breach that included customer names, physical addresses and Dell order information.
“We believe there is no significant risk to our customers given the type of information involved,” Dell wrote in the email, in an attempt to minimize the impact of the breach, which implies that it does not consider customer addresses to be highly sensitive information.
The threat actor claimed to have registered as a partner, under several different names, on a particular Dell portal. A partner, he explained, is a company that resells Dell products or services. After Dell approved his partner accounts, Menelik said, he brute-forced customer service tags, which consisted of only seven characters made up of digits and consonants. He also said that any type of partner could access the portal he was given access to.
“[I] sent more than 5,000 requests per minute to this page containing sensitive information. Believe me or not, I kept doing this for almost 3 weeks and Dell didn't notice anything. Nearly 50 million requests… After I thought I had enough data, I sent several emails to Dell and notified the vulnerability. It took them almost a week to fix everything,” Menelik told TechCrunch.
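The monitoring gap described above, seen from the defender's side, as an added example that is not code from Dell or TechCrunch: it flags an account that looks up too many distinct service tags, either in a one-minute burst or slowly across a day. The thresholds, account names and log fields are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque
from itertools import islice, product

# All thresholds are assumptions for illustration; tune them to real partner usage.
WINDOW_MS = 60_000       # burst window: one minute
BURST_DISTINCT = 30      # distinct service tags one account may look up per window
DAILY_DISTINCT = 500     # distinct service tags one account may look up per day
DAY_MS = 86_400_000
ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZ"  # digits and consonants

def detect_enumeration(events):
    """events: (epoch_ms, account, service_tag) tuples sorted by time.
    Returns {account: (epoch_ms, reason)} holding the first alert per account."""
    window = defaultdict(deque)                    # account -> recent (ts, tag)
    daily = defaultdict(lambda: defaultdict(set))  # account -> day -> tags seen
    alerts = {}
    for ts, account, tag in events:
        recent = window[account]
        recent.append((ts, tag))
        while recent[0][0] <= ts - WINDOW_MS:      # expire lookups outside the window
            recent.popleft()
        seen_today = daily[account][ts // DAY_MS]
        seen_today.add(tag)
        if account in alerts:
            continue
        if len({t for _, t in recent}) > BURST_DISTINCT:
            alerts[account] = (ts, "burst")        # high-rate scraping
        elif len(seen_today) > DAILY_DISTINCT:
            alerts[account] = (ts, "daily")        # slow scraping under the burst limit
    return alerts

def constructed_events():
    """Constructed sample traffic: hypothetical accounts, generated tags, no real data."""
    tags = ("".join(p) for p in product(ALPHABET, repeat=7))
    own = list(islice(tags, 5))
    # an ordinary reseller re-checks the same five tags every 30 minutes
    events = [(i * 1_800_000, "reseller-a", own[i % 5]) for i in range(20)]
    # 12 ms apart is the 5,000 requests per minute quoted in the article
    events += [(1_000 + i * 12, "fast-b", t) for i, t in enumerate(islice(tags, 200))]
    # one new tag every 20 s never trips the burst rule
    events += [(i * 20_000, "slow-c", t) for i, t in enumerate(islice(tags, 600))]
    return sorted(events)

if __name__ == "__main__":
    for account, (ts, reason) in detect_enumeration(constructed_events()).items():
        print(account, reason, ts)
```

Counting distinct identifiers per account, not raw request volume, is what separates enumeration from a busy but legitimate reseller, and the daily budget catches a scraper that deliberately stays under the per-minute limit.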
Menelik, who shared screenshots of several emails he sent in mid-April, also said that at one point he stopped scraping and did not obtain the complete database of customer data. A Dell spokesperson confirmed to TechCrunch that the company received the emails from the threat actor.
The threat actor listed the stolen database of Dell customer data on a well-known hacking forum. The forum listing was first reported by Daily Dark Web.
TechCrunch confirmed that the threat actor has legitimate Dell customer data by sharing, with their permission, a handful of names and service tags of customers who received Dell's breach notification email. In one case, the threat actor found a customer's personal information by searching for their name in the stolen records. In another case, he was able to find another victim's matching record by searching for the specific hardware service tag of an order she had placed.
In other cases, Menelik couldn't find the information and said he didn't know how Dell identified the affected customers. “Judging by the names you gave, it appears they sent this mail to unaffected customers,” the threat actor said.
Dell did not say whom the physical addresses belong to. TechCrunch's analysis of a sample of the scraped data shows that the addresses appear to relate to the original purchaser of the Dell equipment, such as a company purchasing an item for a remote employee. In the case of consumers purchasing directly from Dell, TechCrunch found that many of these physical addresses also correlate to the consumer's home address or other location where the item was delivered to them.
Dell did not dispute our findings when contacted for comment.
When TechCrunch sent a series of specific questions to Dell based on the threat actor's comments, an unnamed company spokesperson said that before receiving the threat actor's email, Dell was already aware of the incident and was investigating, implementing its response procedures and taking containment measures. Dell has not provided any evidence for this claim.
“Let's keep in mind that this threat actor is a criminal and we have notified law enforcement. We do not release any information that could compromise the integrity of our ongoing investigation or any investigation conducted by law enforcement,” the spokesperson wrote.
