Connect with us

Technology

Threat actor claims to have stolen 49 million Dell customer addresses before company found out

Published

7 months ago

on

The silhouette of Michael Dell, founder and chief executive officer of Dell Inc.. (Matthew Busch/Bloomberg via Getty Images)

Menelik, who claims to have 49 million Dell customer records, told TechCrunch that he hacked into the company’s online portal and stole customer data, including physical addresses, directly from Dell servers.

TechCrunch has verified that a number of the downloaded data matches personal data of Dell customers.

On Thursday, the pc maker sent an email to customers saying it had suffered a knowledge breach involving customer names, physical addresses and Dell order information.

“We believe there is no significant risk to our customers given the type of information involved,” Dell wrote in an email, trying to downplay the impact of the breach by suggesting it doesn’t consider customer addresses to be “highly sensitive” information. .

The attacker stated that he had registered under several different names on a selected Dell portal as a “partner”. Affiliate, he said, means a company that resells Dell services or products. After Dell approved partner accounts, Menelik said it brute-forced customer service tags, which consist of seven digits made up entirely of numerals and consonants. He also said that “any partner” can access the portal they have accessed.

“(I) was sending over 5,000 requests per minute to this site containing sensitive information. Believe it or not, I did this for almost 3 weeks and Dell didn’t notice anything. Nearly 50 million requests… Once I felt I had enough data, I sent multiple emails to Dell and notified them of the vulnerability. It took them almost a week to patch it all up,” Menelik told TechCrunch.

Menelik, who shared screenshots of several emails he sent in mid-April, also said that sooner or later he stopped scraping and didn’t obtain the complete customer database. A Dell spokesperson confirmed to TechCrunch that the company received emails from the threat actor.

The attacker posted a stolen database containing Dell customer data on a well known hacker forum. Forum list was first reported by Daily Dark Web.

TechCrunch confirmed that the threat actor had credible Dell customer data, sharing several names and repair tags of consumers – with their consent – who received a breach notification email from Dell. In one case, the threat actor found a customer’s personal information by searching the stolen data for the customer’s name. In one other case, he was able to find details about one other victim by looking up the serial variety of a selected piece of kit from an order she placed.

In other cases, Menelik was unable to find this information and said he didn’t understand how Dell identified affected customers. “Based on checking the names you provided, it appears they sent this mail to unaffected customers,” the threat group said.

Dell didn’t say who owns the physical addresses. TechCrunch’s evaluation of a sample of downloaded data shows that the addresses appear to refer to the unique purchaser of the Dell hardware, reminiscent of a company purchasing the item for a distant employee. For consumers purchasing directly from Dell, TechCrunch discovered that lots of these physical addresses are also related to the buyer’s home address or other location where the product was shipped.

When we received comment, Dell didn’t dispute our findings.

When TechCrunch sent Dell a series of specific questions based on what the threat actor said, an anonymous company spokesperson said that “prior to receiving the threat email, Dell was already aware of the incident and was investigating it, implementing our response procedures and taking protective actions.” “. steps.” Dell has not provided evidence to support this claim.

“Let us do not forget that this threat actor is a criminal and we have notified law enforcement authorities. We will not be disclosing any information that might jeopardize the integrity of our ongoing investigation or any law enforcement investigation,” the spokesman wrote.

This article was originally published on : techcrunch.com
Related Topics:
Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

US medical device giant Artivion says hackers stole files during a cybersecurity incident

Published

1 day ago

on

December 9, 2024

By

Artivion, a medical device company that produces implantable tissue for heart and vascular transplants, says its services have been “disrupted” resulting from a cybersecurity incident.

In 8-K filing In an interview with the SEC on Monday, Georgia-based Artivion, formerly CryoLife, said it became aware of a “cybersecurity incident” that involved the “compromise and encryption” of information on November 21. This suggests that the corporate was attacked by ransomware, but Artivion has not yet confirmed the character of the incident and didn’t immediately reply to TechCrunch’s questions. No major ransomware group has yet claimed responsibility for the attack.

Artivion said it took some systems offline in response to the cyberattack, which the corporate said caused “disruptions to certain ordering and shipping processes.”

Artivion, which reported third-quarter revenue of $95.8 million, said it didn’t expect the incident to have a material impact on the corporate’s funds.

This article was originally published on : techcrunch.com
Continue Reading

Technology

It’s a Raspberry Pi 5 in a keyboard and it’s called Raspberry Pi 500

Published

2 days ago

on

December 9, 2024

By

Manufacturer of single-board computers Raspberry Pi is updating its cute little computer keyboard device with higher specs. Named Raspberry Pi500This successor to the Raspberry Pi 400 is just as powerful as the present Raspberry Pi flagship, the Raspberry Pi 5. It is on the market for purchase now from Raspberry Pi resellers.

The Raspberry Pi 500 is the simplest method to start with the Raspberry Pi because it’s not as intimidating because the Raspberry Pi 5. When you take a look at the Raspberry Pi 500, you do not see any chipsets or PCBs (printed circuit boards). The Raspberry Pi is totally hidden in the familiar housing, the keyboard.

The idea with the Raspberry Pi 500 is you could connect a mouse and a display and you are able to go. If, for instance, you’ve got a relative who uses a very outdated computer with an outdated version of Windows, the Raspberry Pi 500 can easily replace the old PC tower for many computing tasks.

More importantly, this device brings us back to the roots of the Raspberry Pi. Raspberry Pi computers were originally intended for educational applications. Over time, technology enthusiasts and industrial customers began using single-board computers all over the place. (For example, when you’ve ever been to London Heathrow Airport, all of the departures and arrivals boards are there powered by Raspberry Pi.)

Raspberry Pi 500 draws inspiration from the roots of the Raspberry Pi Foundation, a non-profit organization. It’s the right first computer for college. In some ways, it’s a lot better than a Chromebook or iPad because it’s low cost and highly customizable, which inspires creative pondering.

The Raspberry Pi 500 comes with a 32GB SD card that comes pre-installed with Raspberry Pi OS, a Debian-based Linux distribution. It costs $90, which is a slight ($20) price increase over the Raspberry Pi 400.

Only UK and US keyboard variants will probably be available at launch. But versions with French, German, Italian, Japanese, Nordic and Spanish keyboard layouts will probably be available soon. And when you’re in search of a bundle that features all the things you would like, Raspberry Pi also offers a $120 desktop kit that features the Raspberry Pi 500, a mouse, a 27W USB-C power adapter, and a micro-HDMI to HDMI cable.

In other news, Raspberry Pi has announced one other recent thing: the Raspberry Pi monitor. It is a 15.6-inch 1080p monitor that’s priced at $100. Since there are quite a few 1080p portable monitors available on the market, this launch is not as noteworthy because the Pi 500. However, for die-hard Pi fans, there’s now also a Raspberry Pi-branded monitor option available.

Image credits:Raspberry Pi

This article was originally published on : techcrunch.com
Continue Reading

Technology

Apple Vision Pro may add support for PlayStation VR controllers

Published

2 days ago

on

December 9, 2024

By

Vision Pro headset

According to Apple, Apple desires to make its Vision Pro mixed reality device more attractive for gamers and game developers latest report from Bloomberg’s Mark Gurman.

The Vision Pro was presented more as a productivity and media consumption device than a tool geared toward gamers, due partly to its reliance on visual and hand controls moderately than a separate controller.

However, Apple may need gamers if it desires to expand the Vision Pro’s audience, especially since Gurman reports that lower than half one million units have been sold to this point. As such, the corporate has reportedly been in talks with Sony about adding support for PlayStation VR2 handheld controllers, and has also talked to developers about whether they may support the controllers of their games.

Offering more precise control, Apple may also make other forms of software available in Vision Pro, reminiscent of Final Cut Pro or Adobe Photoshop.

This article was originally published on : techcrunch.com
Continue Reading
Advertisement

OUR NEWSLETTER

Subscribe Us To Receive Our Latest News Directly In Your Inbox!

We don’t spam! Read our privacy policy for more info.

Trending