Date: 2024-05-14
The threat actor collected Dell support tickets, including customer phone numbers.
The person who claimed to have stolen the physical addresses of 49 million Dell customers appears to have scraped more data from another Dell portal, TechCrunch has learned.
The newly compromised data includes names, phone numbers and email addresses of Dell customers. This personal data is contained in customer service reports, which also include information about hardware and replacement parts, comments from on-site engineers, shipping numbers, and in some cases diagnostic logs downloaded from the customer's computer.
Several reports seen by TechCrunch contain photos apparently taken by customers and uploaded to Dell when seeking technical support. Some of these images contain metadata revealing the precise GPS coordinates of where the customer took the photos, according to a sample of the scraped data obtained by TechCrunch.
TechCrunch confirmed that customers' personal information appears authentic.
This is the second disclosure of exposed Dell customer data in as many weeks. Last week, Dell informed its customers that it had suffered a data breach, saying in an email that the tech giant was investigating an incident involving a Dell portal, which contains a database with restricted types of customer information related to Dell purchases.
The stolen data included customer names and physical addresses, as well as less sensitive data, such as Dell hardware and order information, including service tag, item description, order date, and associated warranty information.
Dell downplayed the breach at the time, saying that the disclosure of customer addresses did not pose a significant risk to its customers and that the stolen information did not include any highly sensitive customer information, such as email addresses and telephone numbers.
A person known as Menelik claimed responsibility for both data breaches. In an interview with TechCrunch, Menelik provided a sample of the data he stole, which allowed TechCrunch to verify that the data was legitimate. Menelik also provided copies of emails he sent to Dell, and the company confirmed to TechCrunch that it had received an email regarding the data breach from Menelik.
Now it appears that Menelik found another flaw in another Dell portal, which allowed him to obtain more customer data.
"I found something for email and phone number data," Menelik told TechCrunch. "But I'm not going to do anything with it yet. I want to see how Dell responds to the current topic. [sic]"
Dell did not respond to TechCrunch's request for comment.
Menelik said he has scraped data from about 30,000 U.S. customers and said the flaws he is exploiting are similar to the bugs that allowed him to obtain the first set of 49 million customer records. But this second vulnerability prevents him from collecting data as quickly as during the first breach.
As TechCrunch first reported, in the first breach, Menelik said he was able to scrape Dell customer data from a portal where he had registered multiple accounts as a partner, meaning that he claimed to run companies that resell Dell products or services. Once Dell approved his requests, Menelik said he was able to brute force the customer service labels, which consisted of only seven digits of numbers and consonants.
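A defender-side sketch of how the lookup pattern described above could be flagged in a portal's access log, added here as an example and not code from Dell or TechCrunch. The log tuple layout, account names, service tags, status codes and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune against real partner traffic.
WINDOW_S = 60            # sliding window length in seconds
MAX_DISTINCT_TAGS = 5    # distinct tags one account may look up per window
MIN_MISS_RATIO = 0.5     # share of "not found" replies typical of guessing


def sample_events():
    """Constructed log: (epoch_seconds, account, service_tag, http_status)."""
    events = [
        (1000, "partner-A", "4HJ92KD", 200),
        (1300, "partner-A", "8TR31BN", 200),
        (1650, "partner-A", "4HJ92KD", 200),
    ]
    # partner-B walks through 12 different tags in 24 seconds, mostly misses.
    events += [
        (2000 + 2 * i, "partner-B", f"7XK{i:04d}", 200 if i % 4 == 0 else 404)
        for i in range(12)
    ]
    return events


def detect_enumeration(events, window_s=WINDOW_S,
                       max_distinct=MAX_DISTINCT_TAGS,
                       min_miss_ratio=MIN_MISS_RATIO):
    """Return {account: timestamp of first alert}.

    An account alerts when, inside one sliding window, it has looked up more
    distinct tags than allowed and at least min_miss_ratio of those requests
    hit tags that do not exist.
    """
    windows = defaultdict(deque)
    alerts = {}
    for ts, account, tag, status in sorted(events):
        win = windows[account]
        win.append((ts, tag, status))
        # Drop requests that have aged out of the window.
        while win[0][0] <= ts - window_s:
            win.popleft()
        distinct = {t for _, t, _ in win}
        misses = sum(1 for _, _, s in win if s == 404)
        if (account not in alerts and len(distinct) > max_distinct
                and misses / len(win) >= min_miss_ratio):
            alerts[account] = ts
    return alerts


if __name__ == "__main__":
    print(detect_enumeration(sample_events()))
```

A sweep paced slower than the window stays under this check, so a per-account daily budget of distinct tags is a useful complement.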
Menelik posted an ad on a well-known hacking forum in an attempt to sell the data. As of this writing, the listing has been removed and Menelik said that was because he sold the data, although he declined to say for how much.
Asked what he plans to do with the new data, Menelik said he hasn't decided yet.
Since some of the data retrieved contains personal information about customers in the European Union, TechCrunch contacted Ireland's national data protection authority, which did not immediately respond to a request for comment.
