Dell hacker claims they had access to systems for nearly three weeks

By Solomon Klappholz, IT Pro

The hacker trying to sell a Dell database containing 49 million customer records claims he was able to persist on the company’s systems for several weeks

The threat actor behind the recent Dell data breach that exposed 49 million customer records claims they were able to access internal systems for weeks before being discovered. 

The hacker, Menelik, was reported to be selling access to a database storing 49 million records related to systems purchased from Dell between 2017 and 2024.

Dell disclosed the breach on 9 May, notifying customers that their names, addresses, and Dell customer info were exposed, warning them to watch out for social engineering attacks impersonating the technology giant.

Menelik told TechCrunch they were able to gain access to the database by registering several accounts on a Dell portal as a partner that resells Dell products and services.

According to Menelik, the process of registering and being approved as a partner was relatively simple and did not require verification, with a potential hacker only needing to enter a set of company details and give a reason for wanting to become a partner, and Dell will approve you in under two days.

After Dell approved the new partner accounts, he then brute-forced customer service tags over the course of 3 weeks by spamming requests to a database storing sensitive information, all without Dell noticing.

“[I] sent more than 5,000 requests per minute to this page that contains sensitive information. Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik told TechCrunch.

The cyber criminal added that he stopped scraping at some point and thus did not obtain the complete database with customer data, but was still able to demonstrate to the publication that the data was legitimate by cross-referencing the database with information of customers who received the breach notification from Dell – with their permission. 



Comments

Post a Comment

Popular posts from this blog

Why remote desktop tools are facing an onslaught of cyber threats

Image
By Solomon Klappholz, IT Pro Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge to IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and ...
Read more

Ransomware gang starts leaking alleged stolen Change Healthcare data

Image
By Lawrence Abrams,  Bleeping Computer The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. In February, Change Healthcare suffered a cyberattack that caused massive disruption to the US healthcare system , preventing pharmacies and doctors from billing or sending claims to insurance companies. The attack was ultimately linked to the BlackCat / ALPHV ransomware operation, who later said they stole 6 TB of data during the attack . After facing increased pressure from law enforcement, the BlackCat gang shut down their operation . This occurred amid claims they were pulling an exit scam by stealing a $22 million Change Healthcare ransom payment from the affiliate who conducted the attack. While Change Healthcare has declined to comment on whether it has paid a ransom, the affiliate known as "Notchy" said they ...
Read more

Notepad++ wants your help in "parasite website" shutdown

Image
By Ax Sharma,  Bleeping Computer The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. Although, at the time of writing, the lookalike website takes visitors to the official Notepad++ downloads page, there is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack. The lookalike website appears prominently in search results
Read more