Exploitation of Dell APIs led to data breaches affecting 49 million customers


Dell customers should continue to exercise caution, as the vendor has admitted a data breach affecting its customers. What makes this breach notable is its root cause: a threat actor exploited a Dell API to collect data.

A data breach occurred at Dell following a malicious API exploit

Dell customers reportedly suffered a data breach involving some of their personal data and a lot of system information.

According to the emails sent to its customers (which some users also shared on Reddit), the breached data included customer names, physical addresses, and device information. The latter includes the customer’s order details and order date, Dell hardware, service tag, item description and warranty details. However, the data does not contain sensitive information such as customers’ financial/payment details, contact numbers and email addresses.

In addition to sharing this information, Dell assured customers that it had resolved the matter by deploying the necessary incident response procedures, containing the incident, notifying law enforcement authorities and conducting forensic investigations.

The company has not officially confirmed the number of customers affected in the breach. The breach notifications sent to customers also did not provide details on the number of affected customers and the time frame affected by the breach.

Although the company is seemingly downplaying the incident, the threat actor behind it appears to be more active. As first reported by the Daily Dark Web a few weeks ago, the breach affected 49 million Dell customers, as claimed by a poster selling the database on the dark web. The database contains accurate information about the customers who purchased Dell systems between 2017 and 2024.


How the attacker got Dell customer data

As the case gained public attention, it emerged that the breach was not the result of an active intrusion into Dell networks. Instead, as the data seller “Menelik” told different media outlets, it became possible to collect a huge amount of data by using a Dell API.

The issue lay in Dell’s affiliate portal, where the adversary had registered as an affiliate. Since there was no rate limiting, the adversary could collect the data unhindered until he decided to stop and notify the company.

However, when he received no response to his reports, he put the stolen data up for sale on the dark web.
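
The missing control described above, sketched as an added example (not Dell's code and not part of the original article): a per-account sliding-window limiter that throttles bulk lookups and flags accounts requesting many distinct records. The log format, account names, record ids and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log: (epoch_seconds, api_account, record_id).
# Account names and record ids are invented for this example.
def sample_log():
    bulk = [(t, "affiliate-17", f"REC{t:05d}") for t in range(300)]         # 1 new record/s
    normal = [(t * 60, "affiliate-02", f"REC9{t % 3}") for t in range(10)]  # few repeat lookups
    return sorted(bulk + normal)

class LookupLimiter:
    """Sliding-window limit on lookups per account, plus an enumeration flag."""

    def __init__(self, window=60, max_requests=30, max_distinct=20):
        self.window = window              # seconds of history kept per account
        self.max_requests = max_requests  # served lookups allowed per window
        self.max_distinct = max_distinct  # distinct records before alerting
        self.events = defaultdict(deque)  # account -> deque of (ts, record_id)

    def check(self, ts, account, record_id):
        q = self.events[account]
        # Drop served lookups that have aged out of the window.
        while q and q[0][0] <= ts - self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return "throttle"             # rejected, e.g. with HTTP 429
        q.append((ts, record_id))
        # Many distinct records in one window looks like harvesting,
        # not support work on a handful of customers: serve, but alert.
        if len({rec for _, rec in q}) > self.max_distinct:
            return "flag"
        return "allow"

def replay(log, limiter=None):
    """Run a log through the limiter and count decisions per account."""
    limiter = limiter or LookupLimiter()
    summary = defaultdict(lambda: defaultdict(int))
    for ts, account, record_id in log:
        summary[account][limiter.check(ts, account, record_id)] += 1
    return {acct: dict(counts) for acct, counts in summary.items()}

if __name__ == "__main__":
    for acct, counts in replay(sample_log()).items():
        print(acct, counts)
```

A request-count limit alone only slows collection down; the distinct-record flag is what surfaces a patient account working through the dataset, so the alert should feed account review rather than just logging.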

What now?

While Dell has fixed the bug, which the attacker confirms, they have not shared any details about their conversation with the attacker.

While Dell considers this breach non-sensitive to customers, Dell buyers, especially those receiving the breach notifications, should continue to exercise caution, especially if their physical addresses have not changed. Because this data could help tech support scammers deceive Dell users, as the adversary says, they should also remain on the lookout for unsolicited messages or tech support alerts.

Let us know your thoughts in the comments.
