Dell Admits Potential Breach in Early November


Dell has admitted suffering a potential breach after detecting suspicious activity on its network in early November.

The computer giant claimed it “detected and disrupted” the attackers, who were trying to access customer data from the e-commerce platform. Affected information was apparently limited to the names, email addresses and hashed passwords of an undisclosed number of users.

“Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted,” it continued.

“Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure. These include the hashing of our customers’ passwords and a mandatory password reset. Credit card and other sensitive customer information was not targeted. The incident did not impact any Dell products or services.”

The firm said it “immediately implemented countermeasures and initiated an investigation” after the incident was discovered on November 9. Passwords were reset five days later, but that still leaves a long gap before customers were notified.

This could be bad news for those affected, unless the firm had employed particularly sophisticated hashing on its passwords, according to Sumit Agarwal, co-founder of Shape Security. He warned that readily available brute-force tools can enable hackers to retrieve plaintext credentials.

“In security circles, email and hashed passwords are also known as the keys to the kingdom in terms of giving criminals full access to other accounts belonging to a given user who may have re-used that credential information elsewhere,” he added.

“It is highly likely that criminals will be able to discover at least some of the stolen passwords, unless Dell had in place particularly sophisticated hashing techniques. Historically, this has not been the case for many companies who were similarly breached, which is why more than 10 million username/password pairs per day were stolen, on average, throughout 2017.”
