Dell had begun sending alerts to customers informing them that their personal information had been stolen in a data breach.
The Breach
This data breach compromised customer order data, which included warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.
On April 28th, a threat actor, Menelik, posted the data for sale on the Breached hacking forum, but the administrators quickly removed the post.
Menelik said that they were able to obtain the data after discovering a portal where partners, distributors, and merchants could look up order information.
Menelik claims that by opening many identities under bogus firm names, he could gain access to the portal within two days without verification.
Registering as a Partner is quite simple. You simply fill out an application form, Menelik explained.
APIs are being exploited in data breaches
Easy-to-access APIs have become a major business liability in recent years, with threat actors exploiting them to scrape sensitive data and sell it to other threat actors.
Threat actors linked phone numbers to approximately 500 million accounts in 2021 by exploiting a Facebook API issue. This data was leaked nearly for free on a hacking site, requiring only an account and a $2 fee to get it.
Later that year, in December, threat actors used a Twitter API flaw to connect millions of phone numbers and email addresses to Twitter accounts, which were then sold on hacking forums.
Lessons Learned
This breach serves as a stark reminder of several critical lessons:
API Security Matters: APIs are essential for seamless communication between systems, but their security must not be overlooked. Regular audits and robust access controls are crucial.
Third-Party Risks: Partner portals and third-party integrations can introduce vulnerabilities. Companies must assess and monitor these connections rigorously.
Data Minimization: Collect only the data necessary for business operations. The less data stored, the less there is to lose.
Incident Response: Dell’s swift response demonstrates the importance of having an effective incident response plan. Preparedness matters.
The Scale
The sheer volume of compromised records—49 million—underscores the severity of the breach. Such a massive data leak can have far-reaching consequences for affected individuals. From identity theft to targeted phishing attacks, the fallout can be extensive.
Dell’s Response
Dell promptly detected the breach and took action. They notify affected customers about the incident, urging them to be cautious and vigilant. Additionally, Dell is enhancing security protocols to prevent similar incidents in the future.