Monday , May 27 2024
Dell

Dell Discloses Data Breach: 49 million customers allegedly affected

A security breach has been reported, with a threat actor claiming to be selling a database with 49 million customer records from Dell. The data includes information on systems bought from Dell between 2017 and 2024.

Source: Daily dark web

According to Daily dark web, recent data obtained from Dell servers includes sensitive personal and company information. The data is said to be in the possession of a threat actor, emphasizing the seriousness of the breach. It consists of millions of records, with a large portion related to individual purchases and consumer segment companies. The remaining data is linked to enterprise, partner, schools, or unidentified entities. The threat actor also highlights the top five countries with the most systems represented in the database. This situation raises major concerns about the security and privacy of Dell customers’ information, calling for immediate action to reduce risks and prevent unauthorized access.

Researcher claimed: Biometrics of Indian Forces Exposed

Jeremiah Fowler, a security researcher, claimed to discover a major vulnerability in India's data security. He found an unprotected database...
Read More
Researcher claimed: Biometrics of Indian Forces Exposed

NSA Releases Guidance on Zero Trust Maturity

The NSA released an information sheet called "Advancing Zero Trust Maturity Throughout the Application and Workload Pillar." This sheet will...
Read More
NSA Releases Guidance on Zero Trust Maturity

Data protection is sovereignty: Mohammad A. Arafat
INFOCOM Dhaka ends promoting cyber resiliency

The two day long 7th edition of INFOCOM, India's biggest business, technology, and leadership event, themed "Sustainable Disruption", concluded today...
Read More
Data protection is sovereignty: Mohammad A. Arafat  INFOCOM Dhaka ends promoting cyber resiliency

Phoenix Summit 2024
Two days phoenix summit ended successfully at Dhaka

TheTeamPhoenix, a non-profit organization, successfully hosted Phoenix Summit 2024, the largest cyber security event in Bangladesh, from May 23-24. This...
Read More
Phoenix Summit 2024  Two days phoenix summit ended successfully at Dhaka

CISA Added Apache Flink CVE-2020-17519 Vulnerability to KEV

CISA warns Apache Flink users about a critical vulnerability. Cybercriminals are exploiting this flaw to compromise systems. Apache Flink is...
Read More
CISA Added Apache Flink CVE-2020-17519 Vulnerability to KEV

Cisco released software updates for CVE 2024-20360

Cisco, a global network solutions leader, has reported a security issue with its Firepower Management Center (FMC) software. This vulnerability,...
Read More
Cisco released software updates for CVE 2024-20360

Ivanti Patches Critical RCE Flaws in Endpoint Manager

Ivanti on Tuesday declare to patch for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM). Ivanti resolved...
Read More
Ivanti Patches Critical RCE Flaws in Endpoint Manager

German police warn of cyberattacks via Office 365

ompanies in Germany are facing a new wave of cyberattacks. The State Criminal Police Office of North Rhine-Westphalia has issued...
Read More
German police warn of cyberattacks via Office 365

Hacktivists group target Philippines government ransomware attack

SentinelOne researchers found that the Ikaruz Red Team is targeting the Philippines government using different ransomware builders like LockBit, Vice...
Read More
Hacktivists group target Philippines government ransomware attack

CISA ALERT
CISA Warns Exploiting NextGen Healthcare Mirth Connect Flaw

The US cybersecurity agency, CISA, added a flaw in NextGen Healthcare's Mirth Connect product to its catalog of Known Exploited...
Read More
CISA ALERT  CISA Warns Exploiting NextGen Healthcare Mirth Connect Flaw
Source: Daily dark web

Bleeping Computer reported that “Dell does not “believe there is significant risk to our customers given the type of information involved,” yet the stolen information could potentially be used in targeted attacks against Dell customers.
As the stolen information does not include email addresses, threat actors could target specific people with physical mailings with phishing links or that contain media (DVDs/thumb drives) to install malware on targets’ devices.

While this may sound far-fetched, threat actors have conducted similar attacks in the past, physically mailing tampered Ledger hardware wallets that stole cryptocurrency or sending gifts with USB drives that installed malware.

Source: Hackred

What Dell is Doing?

Dell has notified law enforcement and engaged a forensic firm to investigate the incident. This type of data exposure not only leaves individuals vulnerable to physical harm but also opens the door for threat actors to exploit the information in long-term social engineering attacks.

Customers are at considerable risk due to the sale of data containing full names and physical addresses. This type of data exposure not only leaves individuals vulnerable to physical harm but also opens the door for threat actors to exploit the information in long-term social engineering attacks.

Customers by Country:
The hacker disclosed the countries with the highest number of affected Dell customers incuding India, China, Canada, Australia, United States.

(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)

Check Also

woodcutter

TENABLE REPORT
Critical bug “Fluent Bit” impact all major cloud platforms

Fluent Bit, a widely used logging utility, has a critical vulnerability. This vulnerability can lead …

Leave a Reply

Your email address will not be published. Required fields are marked *