A hacker calling himself Menelik took credit for not one, but two recent data breach against PC manufacturer Dell. IN the first attack as reported by TechCrunch, he claimed to have accessed a Dell online portal, through which he stole customer names, physical addresses, and ordering information. Conducting a second attack just days later on another port, Menelik told TechCrunch for which he obtained the names, phone numbers and email addresses of Dell customers.
To carry out the first attack, which is said to have affected 49 million Dell customers, the hacker says he registered under various names Dell resellers on a specific portal. After Dell approved these partner accounts, Menelik said he forced seven-digit customer service cards. “Any type of partner” can access the portal in the same way, he claims.
Also: The best VPN services (and how to choose the right one for you)
“[I] was sending over 5,000 requests per minute to this page containing sensitive information,” Menelik told TechCrunch. “Believe me or not, I kept doing this for almost 3 weeks and Dell didn’t notice anything. Nearly 50 million requests…After thinking I had enough data, I sent multiple emails to Dell and reported the vulnerability. It took them almost a week to patch it all up.”
Dell confirmed to TechCrunch that it suffered a data breach and that Menelik sent an email to the company claiming responsibility for the attack. Dell did not disclose whose physical addresses were collected. But TechCrunch found that some sites are for businesses buying products for remote employees while many are for consumers ordering from home.
Also: 6 simple cybersecurity rules you can apply immediately
And What happened to the stolen records?? The same thing often happens. Menelik said he posted an ad on a dark web hacking forum trying to sell the data. The next time, the hacker told TechCrunch that he sold the data but did not disclose the price.
To carry out the second attack, Menelik targeted another portal from which he not only obtained customer names, phone numbers and email addresses but also Dell service reports . Such reports contain details about replacement hardware, notes from on-site engineers, dispatch numbers, and diagnostic logs uploaded from the customer’s PC.
Menelik said he collected data on about 30,000 Dell customers in the US through the second attack. The flaws he exploited were similar to those in the first attack. However, this time he was not able to steal data as quickly as in the first breach. When asked by TechCrunch what he planned to do with this second batch of data, the hacker said he didn’t know yet.
We heard about data breach, cyber attacks and frequent customer data theft. And it’s always the same story: companies fail to effectively secure their infrastructure, data centers, and databases or fail to patch critical security flaws; Savvy hackers discover the vulnerability, giving them the key to stealing sensitive information.
Also: The best VPN services for iPhone and iPad (yes, you need to use one)
Since we can’t depend on companies to protect us, what can we do to protect ourselves? There are several steps you can take both before and after a breach:
- Set up a strong password – Yes, I know you’ve heard this before. But strong and secure passwords are one of the first lines of defense. Creating and remembering a complex and unique password for each account is nearly impossible. That’s why you should switch a good password manager to do the hard work. And the more websites and services there are Password support, that’s another option to consider. If your account was affected by a data breach, changing your password is the first action you’ll want to take. Just make sure it’s a powerful device and can’t be easily hacked.
- Use two-factor authentication – Any attacker who brute-forces one of your passwords can now easily log in to the linked account, but not if you use the right password type two-factor authentication (2FA). With 2FA, your account remains off limits unless you provide the correct confirmation. Your best bet is to use an authenticator app or a physical security key as both are stronger than SMS authentication. Enabling 2FA is another action to take after a breach. Many major websites now support 2FA, so you can set it up without too much effort.
- Be wary of scams – Dell hackers took names, phone numbers, email addresses and physical addresses and sold them on the dark web. On a practical level, you can’t easily change any of that. That’s why you need to be wary of criminals trying to use your phone number or email address to commit fraud and scams.
- Monitor your credit – Add up all the stolen data and possible identity theft. To protect against this threat, you’ll want to check your credit report across three main services: Experian, EquifaxAnd TransUnion. In some cases, you may have to freeze your credit to make sure no one can open a new account or borrow money in your name.
