Dell has just been the victim of a data breach and a hacker put the data of some 49 million of the company’s customers up for sale. Phishing campaigns and identity theft are to be expected…
Large-scale hacks are legion at the moment, and not just in France! Large international companies are holy grail for cybercriminals because, with millions, if not billions, of customers around the world, they possess a phenomenal amount of personal data. Data that is sold at a high price on the Dark Web. Unfortunately, computer manufacturer Dell has just paid the price. On Thursday, May 9, he sent an email to his customers, that Bleeping Computer was able to obtain, informing them that the company had been the subject of a data breach. “We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information, related to purchases made from Dell. We believe there is no significant risk for our customers given the type of information”, she indicates. Note that Dell does not use the word “cyberattack”, but it closely resembles it. The fact remains that the “accident” would have affected 49 million customers who purchased equipment from the manufacturer.
Dell hack: data already purchased on the Dark Web?
The leaked data is believed to include customer names, mailing addresses, and information about their Dell hardware, such as the service tag, description of the item purchased, order date, and warranty information. The company nevertheless wants to be reassuring and specifies that the most sensitive data, such as bank details, email addresses and telephone numbers, have not been affected. Also, she believes that there is not “of significant risk for our clients given the type of information involved”. But nothing is less certain…
As spotted by Daily Dark Web, the data stolen from Dell would have quickly found itself for sale on a hacker forum. A hacker calling himself Menelik has in fact posted online a Dell database from 49 million customers who purchased a device from the manufacturer from 2017 to 2024. His statements correspond to those of the company, since he offers “full names, addresses, service numbers and customer numbers”. He explains that he retrieved the data from Dell servers, concerning individuals or companies based in the United States, China, India, Australia and even Canada. Menelik claims to be the only holder of this data and invites other members of the forum to contact him to “discuss use cases and opportunities”. The post has since been deleted, so it appears someone may have already purchased the database. According to TechCrunchthe Dell spokesperson declined to comment on the forum post and did not dispute the hacker’s claims.
Although Dell assures that there is nothing to worry, it is better to be careful, because this information can easily be used in the case of phishing attempts and identity theft. A cybercriminal could, for example, pretend to be the manufacturer over the phone and ask you to carry out dangerous manipulations, or send you a personalized message to trick you. It is also possible that hackers send letter bombs by post, since they are now in possession of the postal addresses of a multitude of potential targets. So be careful.