Tuesday , January 28 2025
Dell

Dell Discloses Data Breach: 49 million customers allegedly affected

A security breach has been reported, with a threat actor claiming to be selling a database with 49 million customer records from Dell. The data includes information on systems bought from Dell between 2017 and 2024.

Source: Daily dark web

According to Daily dark web, recent data obtained from Dell servers includes sensitive personal and company information. The data is said to be in the possession of a threat actor, emphasizing the seriousness of the breach. It consists of millions of records, with a large portion related to individual purchases and consumer segment companies. The remaining data is linked to enterprise, partner, schools, or unidentified entities. The threat actor also highlights the top five countries with the most systems represented in the database. This situation raises major concerns about the security and privacy of Dell customers’ information, calling for immediate action to reduce risks and prevent unauthorized access.

GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, these could allow attackers to...
Read More
GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes

PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This...
Read More
Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes

UnitedHealth confirms 190 million impacted by 2024 data breach

UnitedHealth confirmed that the ransomware attack on its Change Healthcare unit last February impacted about 190 million Americans, nearly double...
Read More
UnitedHealth confirms 190 million impacted by 2024 data breach

Registration Open For BCS CTF 2025

So, to test your cyber security skill, here is another chance to do that. Bangladesh computer society (BCS) is going...
Read More
Registration Open For BCS CTF 2025

New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

Sygnia's recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure...
Read More
New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting...
Read More
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

CISA Releases 6 ICS Advisories Detailing Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released 6 advisories for Industrial Control Systems (ICS), highlighting vulnerabilities in various...
Read More
CISA Releases 6 ICS Advisories Detailing Security Issues

Account Credentials for Security Vendors Found on Dark Web: Cyble Report

# "While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been...
Read More
Account Credentials for Security Vendors Found on Dark Web: Cyble Report

Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory...
Read More
Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition...
Read More
GitLab Releases Patch  (CVE-2025-0314) for XSS Exploit
Source: Daily dark web

Bleeping Computer reported that “Dell does not “believe there is significant risk to our customers given the type of information involved,” yet the stolen information could potentially be used in targeted attacks against Dell customers.
As the stolen information does not include email addresses, threat actors could target specific people with physical mailings with phishing links or that contain media (DVDs/thumb drives) to install malware on targets’ devices.

While this may sound far-fetched, threat actors have conducted similar attacks in the past, physically mailing tampered Ledger hardware wallets that stole cryptocurrency or sending gifts with USB drives that installed malware.

Source: Hackred

What Dell is Doing?

Dell has notified law enforcement and engaged a forensic firm to investigate the incident. This type of data exposure not only leaves individuals vulnerable to physical harm but also opens the door for threat actors to exploit the information in long-term social engineering attacks.

Customers are at considerable risk due to the sale of data containing full names and physical addresses. This type of data exposure not only leaves individuals vulnerable to physical harm but also opens the door for threat actors to exploit the information in long-term social engineering attacks.

Customers by Country:
The hacker disclosed the countries with the highest number of affected Dell customers incuding India, China, Canada, Australia, United States.

(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)

Check Also

XSS

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and …

Leave a Reply

Your email address will not be published. Required fields are marked *