Threat actor says he scraped 49M Dell customer addresses before the company found out | TechCrunch

The man who claims to have 49 million Dell customer records, Menelik, told TechCrunch that he brute-forced an online company portal and scraped customer data, including physical addresses, directly from Dell’s servers.

TechCrunch verified that some of the data scraped matched personal information from Dell customers.

On Thursday, the computer maker sent an email to customers saying it experienced a data breach that included customer names, physical addresses and Dell order information.

“We believe there is no significant risk to our customers given the type of information involved,” Dell wrote in the email in an effort to minimize the impact of the breach, implying that it does not consider customer addresses to be “highly sensitive” information.

The threat actor said he had registered under several different names as a “partner” on a particular Dell portal. Partner refers to a company that resells Dell products or services, he said. After Dell approved his partner accounts, Menelik said he brute-forced customer service tags, which are made up of seven digits of only numbers and consonants. He also said that “any type of partner” can access the portal to which he was granted access.

“[I] sent more than 5,000 requests per minute to this page containing sensitive information. Believe it or not, I did this for about 3 weeks and Dell didn’t notice anything. About 50 million requests… When I thought I had got enough data, I sent several emails to Dell and informed them about the vulnerability. It took them about a week to get it all right,” Menelik told TechCrunch.

Menelik, who shared screenshots of several emails sent in mid-April, also said that at some point he stopped scraping and did not obtain the complete database of customer data. A Dell spokesperson confirmed to TechCrunch that the company received emails from the threat actor.

The threat actor listed the stolen database of Dell customers’ data on a well-known hacking forum. The forum listing was first reported by Daily Dark Web.

TechCrunch confirmed that the threat actor had legitimate Dell customer data by sharing the names and service tags of a handful of customers, with their permission, who received breach notification emails from Dell. In one case, the threat actor found a customer’s personal information by searching the stolen records for their name. In another case, he was able to find the corresponding record from another victim’s order by searching for the specific hardware service tag.

In other cases, Menelik could not find information and said he did not know how Dell identified the affected customers. “Checking the names you provided, it appears they have sent this mail to customers who are not affected,” the threat actor said.

Dell did not specify to whom the physical addresses belong. TechCrunch’s analysis of a sample of the scraped data shows that the addresses appear to be related to the original purchaser of the Dell equipment, such as a business purchasing an item for a remote employee. In the case of consumers purchasing directly from Dell, TechCrunch found that many of those physical addresses also corresponded to the consumer’s home address or other location where they had the item delivered.

Dell did not dispute our findings when contacted for comment.

When TechCrunch sent Dell a series of specific questions based on what the threat actor said, an unnamed company spokesperson said that “prior to receiving the threat actor’s email, Dell was already aware of and was investigating the incident, implementing our response procedures and conducting containment steps.” Dell did not provide evidence for this claim.

“Let’s keep in mind, this actor making the threats is a criminal and we have notified law enforcement. We are not disclosing any information that could compromise the integrity of our ongoing investigation or any investigation by law enforcement,” the spokesperson wrote.
