Hacker Breaches Dell Servers, Scrapes 49M Customer Records: TechCrunch Report

Threat Actor Claims to Have Extracted 49 Million Dell Customer Addresses

A person claiming to have scraped 49 million Dell customer records has revealed how he exploited a company portal to access the data. The threat actor, who reached out to TechCrunch, explained how he used brute force techniques to gain entry to an online portal and extract customer data directly from Dell’s servers.

Verification of the Data Breach

TechCrunch independently confirmed the legitimacy of some of the extracted data, which matched with the personal information of Dell customers. The verification came on the heels of Dell’s own disclosure of a data breach. The computer manufacturing giant acknowledged the breach in an email sent to its customers, disclosing that the attacker had gained access to customer names, physical addresses, and Dell order information.

Dell’s Response to the Breach

In an attempt to minimize the breach’s impact, Dell sought to reassure its customers that the exposed information did not pose a significant risk. The company argued that the data involved was not classified as “highly sensitive.” However, the threat actor countered this claim by sharing how he had registered on the compromised Dell portal as a “partner,” a term for a company that resells Dell products or services.

Threat Actor’s Methodology

After gaining approval for his partner accounts, the threat actor admitted to having brute-forced customer service tags. He also sent more than 5,000 requests per minute to a page containing sensitive information. “Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 Million requests,” the threat actor told TechCrunch. The actor also claimed that he had notified Dell about the vulnerability after he believed he had extracted enough data.
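
The pattern described above (one approved account cycling through service tags at thousands of requests per minute for weeks) is detectable from ordinary access logs. The following is an added example, not code from Dell or TechCrunch: a per-account sliding-window check that flags high request rates, lookups spread across many distinct tags, and a high share of lookups for tags that do not exist. The log format, account names, the use of 404 for unknown tags and all thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them against real partner traffic.
WINDOW = timedelta(minutes=1)
MAX_REQUESTS = 300        # requests per account per window
MAX_DISTINCT_TAGS = 100   # distinct service tags per account per window
MAX_MISS_RATIO = 0.5      # share of lookups returning 404 (guessed tags)

def parse(line):
    """Parse 'ISO-timestamp account service_tag status' (constructed log format)."""
    ts, account, tag, status = line.split()
    return datetime.fromisoformat(ts), account, tag, int(status)

def detect_enumeration(lines):
    """Return {account: reason} for accounts whose lookups look like tag enumeration."""
    windows, flagged = defaultdict(deque), {}   # account -> events inside the window
    for ts, account, tag, status in sorted(map(parse, lines)):
        win = windows[account]
        win.append((ts, tag, status))
        while win and ts - win[0][0] > WINDOW:
            win.popleft()                       # drop events older than the window
        if account in flagged:
            continue
        total = len(win)
        distinct = len({t for _, t, _ in win})
        misses = sum(1 for _, _, s in win if s == 404)
        if total > MAX_REQUESTS:
            flagged[account] = f"rate: {total} requests in 60s"
        elif distinct > MAX_DISTINCT_TAGS:
            flagged[account] = f"spread: {distinct} distinct tags in 60s"
        elif total >= 20 and misses / total > MAX_MISS_RATIO:
            flagged[account] = f"misses: {misses}/{total} lookups not found"
    return flagged

def sample_logs():
    """Constructed log lines: one ordinary partner, one fast scraper, one slow guesser."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(10):      # partner-a: a few lookups of its own customers
        lines.append(f"{(base + timedelta(seconds=5*i)).isoformat()} partner-a TAG{i % 3:04d} 200")
    for i in range(400):     # partner-b: hundreds of lookups within one minute
        lines.append(f"{(base + timedelta(milliseconds=100*i)).isoformat()} partner-b TAG{i:04d} 200")
    for i in range(40):      # partner-c: slow, but most guessed tags do not exist
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} partner-c GUESS{i:04d} {200 if i % 4 == 0 else 404}")
    return lines

if __name__ == "__main__":
    print(detect_enumeration(sample_logs()))
```

The distinct-tag and miss-ratio checks matter because a scraper can slow down to stay under a pure rate limit, while a legitimate reseller still touches only a small, stable set of tags.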

Stolen Database Listed on Hacking Forum

The threat actor eventually listed the stolen database of Dell customers’ data on a popular hacking forum. TechCrunch confirmed the legitimacy of the stolen data by cross-referencing it with the names and service tags of a handful of Dell customers who had given their consent. In some cases, the threat actor couldn’t find the information and speculated that Dell may have contacted non-affected customers as well.

Dell’s Official Response

While Dell has not disclosed who the physical addresses belong to, TechCrunch’s analysis of a sample of the scraped data suggests that the addresses correlate to the original purchaser of the Dell equipment. When reached for comment, Dell did not dispute these findings. The company stated that it had been aware of and investigating the incident prior to receiving the threat actor’s email but did not provide evidence for this claim.

In the face of this massive data breach, Dell reminds us that the threat actor is a criminal, and law enforcement has been notified. As the investigation continues, it’s clear that businesses must remain vigilant against cyber threats, continuously improve their security measures, and remain transparent with their customers. This incident serves as a stark reminder that no company, regardless of size or reputation, is immune from cyber threats.