Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself


A hacker who calls himself Menelik has taken credit for not one, but two recent data breaches against PC maker Dell. In the first attack, as reported by TechCrunch, he claims to have accessed a Dell online portal through which he stole customer names, physical addresses, and order information. Staging a second attack just days later on a different portal, Menelik told TechCrunch that he made off with the names, phone numbers, and email addresses of Dell customers.

To perform the first attack, which reportedly affected 49 million Dell customers, the hacker said that he registered with different names for Dell resellers on a specific portal. After Dell approved these partner accounts, Menelik said he brute-forced the seven-digit customer service tags. "Any kind of partner" could access the portal in the same way, he claimed.


"[I] sent more than 5,000 requests per minute to this page that contains sensitive information," Menelik told TechCrunch. "Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 million requests… After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up."
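Lookup volume of that kind is visible in portal access logs. The following is an added example, not code from Dell or TechCrunch: a sliding-window check that flags any partner account requesting an unusual number of distinct service tags per minute. The log format, account names, tag values and the threshold of 20 are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
MAX_DISTINCT_TAGS = 20  # assumed ceiling for one partner account per minute


def parse_line(line):
    """Parse 'timestamp account service_tag' (constructed log format)."""
    ts, account, tag = line.split()
    return datetime.fromisoformat(ts), account, tag


def detect_enumeration(lines, window=WINDOW, max_distinct=MAX_DISTINCT_TAGS):
    """Map each offending account to the first time it looked up more than
    max_distinct different service tags inside one sliding window."""
    recent = defaultdict(deque)                     # account -> (ts, tag) in window
    counts = defaultdict(lambda: defaultdict(int))  # account -> tag -> hits in window
    alerts = {}
    for ts, account, tag in sorted(map(parse_line, lines)):
        queue, seen = recent[account], counts[account]
        queue.append((ts, tag))
        seen[tag] += 1
        while ts - queue[0][0] > window:            # expire old lookups
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > max_distinct:
            alerts.setdefault(account, ts)
    return alerts


def build_sample_log():
    """Constructed traffic: one ordinary partner, one enumerating partner."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(60):    # partner-a re-checks three tags, one lookup a minute
        lines.append(f"{(base + timedelta(minutes=i)).isoformat()} partner-a T{i % 3:06d}")
    for i in range(200):   # partner-b walks new tags every 12 ms (~5,000/minute)
        lines.append(f"{(base + timedelta(milliseconds=12 * i)).isoformat()} partner-b T{i:06d}")
    return lines


if __name__ == "__main__":
    for account, when in detect_enumeration(build_sample_log()).items():
        print(f"ALERT {account}: >{MAX_DISTINCT_TAGS} distinct tags/min at {when.isoformat()}")
```

Counting distinct identifiers per account, rather than raw requests, keeps a partner who repeatedly refreshes the same few records from tripping the alert.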

Dell confirmed to TechCrunch it had been hit by a data breach and that Menelik had sent emails to the company taking credit for the attack. Dell didn't reveal whose physical addresses were scraped, but TechCrunch found that some addresses were for businesses buying products for remote workers while many were for consumers ordering products at home.


So, what happened to the stolen records? The same thing that usually happens. Menelik said he posted an ad on a dark web hacking forum trying to sell the data. In a follow-up, the hacker told TechCrunch that he sold the data but didn't reveal the price tag.

To pull off the second attack, Menelik targeted another portal from which he grabbed not just customer names, phone numbers, and email addresses, but also Dell service reports. Such reports contain details on replacement hardware, notes from on-site engineers, dispatch numbers, and diagnostic logs uploaded from a customer's PC.

Menelik said he captured data for around 30,000 Dell customers in the US through the second attack. The flaws he exploited were similar to those in the first attack. This time, however, he couldn't steal the data as quickly as he did during the initial breach. Asked by TechCrunch what he aims to do with this second batch of data, the hacker said he didn't yet know.


We hear about data breaches, cyberattacks, and stolen customer data regularly. It's always the same story: companies fail to effectively secure their infrastructure, data centers, and databases, sometimes simply by not patching critical security flaws. Savvy hackers discover a vulnerability, gaining the keys to steal sensitive information.

Since we can't depend on companies to protect us, what can we do to protect ourselves? Here are a few steps you can take both before and after a breach:

  • Set up a strong password - Yes, I know you've heard this before, but a strong and secure password is one of the first lines of defense. Creating and remembering a complex and unique password for every account is virtually impossible. That's why you should turn to a good password manager to do the hard work. As more sites and services support passkeys, that's another option to consider. If your account has been affected by a data breach, changing your password is the first action you'll want to take. Just ensure it's a strong one that can't easily be hacked.
  • Use two-factor authentication - Any attacker who brute-forces one of your passwords can now easily sign in to the associated account, but not if you use the right type of two-factor authentication (2FA). With 2FA, your account remains off-limits unless you provide the correct confirmation. Your best bet is to use an authenticator app or a physical security key, as both are stronger than SMS authentication. Turning on 2FA is another action to take following a breach. Many major websites now support 2FA, so you should be able to set up this authentication method without too much effort.
  • Watch out for scams - The Dell hacker grabbed names, phone numbers, email addresses, and physical addresses, and then sold them on the dark web. On a practical level, you can't readily change any of those. That's why you need to be alert for criminals who try to use your phone number or email address to run spoofing and phishing scams.
  • Monitor your credit - Add up all the stolen data, and identity theft becomes a real possibility. To protect yourself, check your credit reports across the three major services: Experian, Equifax, and TransUnion. In some cases, you may have to freeze your credit to ensure no one can open new accounts or take out loans in your name.
