Dell Discovers Breach, Resets Customer Passwords
Dell Inc, after discovering a breach impacting customer data, has reset passwords for all accounts on its Dell.com online electronics store.
It was on November 9 that the computer maker detected the data breach, which was immediately disrupted. The company also declared that as per investigations that were held, it was inferred that no data has been extracted, though some information might have been removed from Dell’s network.
A statement published by Dell Inc on 28 November reads, “Dell is announcing that on November 9, 2018, it detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords. Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted.”
A Reuters report dated November 29, 2018 says, “Dell Inc said on Wednesday that it reset passwords for all accounts on its Dell.com online electronics store on Nov. 14, five days after it discovered and stopped hackers who were attempting to steal customer data.”
The report, however, adds, “The computer maker did not tell customers about the attack when it forced the password resets, according to a person familiar with the breach.”
The statement that Dell Inc had released states that there are cybersecurity measures in place to limit the impacts of such data exposure. The statement explains, “These include the hashing of our customers’ passwords and a mandatory Dell.com password reset. Credit card and other sensitive customer information was not targeted. The incident did not impact any Dell products or services…Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement.”
The data breach impacting Dell customer happens at a time when regulators worldwide are getting companies to implement and comply with new and strict privacy regulations. Businesses or organizations affected by data breaches are expected to disclose accurate details about customer data breach quickly once it’s detected.
The Reuters report states, “Dell determined that there were no regulatory or legal requirements that it disclose the incident, but decided to come forward “with customer trust in mind,” according to the source.”
It further says, “Dell declined to say how many accounts were affected, but did say that payment information and Social Security numbers were not targeted.”
In a report dated November 28, 2018, ZDNet says, “A Dell spokesperson declined to give out a number of affected accounts, saying “it would be imprudent to publish potential numbers when there may be none.”…The company also said hackers didn’t target payment card or any other sensitive customer information, and that the incident didn’t cause a disruption of its normal services at the time of the breach or after.”
Dell.com, which has been impacted by the data breach, sees users coming to shop Dell products or to be part of discussions on the support forums. The current reports suggest that very little information associated with the website has been exposed.
In addition to the steps taken by Dell Inc, users can manually review the data they have stores in their respective accounts and also keep an eye on card statements, to ensure total security to their financial information.
Kevin Jones932 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.