The person who claims to have stolen the physical addresses of 49 million Dell customers appears to have stolen even more data from another Dell portal, according to an investigation by TechCrunch.
The newly compromised data includes names, phone numbers, and email addresses of Dell customers. This personal data is included in the customer's “service report,” which includes information about replacement hardware and parts, comments from on-site engineers, dispatch numbers, and, in some cases, diagnostics uploaded from the customer's computer. Also includes logs.
Several reports seen by TechCrunch include photos that appear to have been taken by customers and uploaded to Dell seeking technical support. Some of these photos include metadata that reveals the exact GPS coordinates of where the customer took the photo, according to a sample of scraped data obtained by TechCrunch.
TechCrunch has confirmed that the customer's personal information appears to be genuine.
This is the second time Dell customer data has been exposed in recent weeks. Last week, Dell notified customers that a data breach had occurred, saying in an email that the company was “involved in an incident involving Dell's portal, which includes a database containing limited types of customer information related to purchases from Dell.” He said he was investigating.
The stolen data included customer names and addresses, as well as less sensitive data such as “Dell hardware and ordering information, including service tags, product descriptions, order dates, and related warranty information.” I did.
Dell downplayed the breach at the time, saying the compromised customer addresses did not pose a “significant risk to customers” and that the stolen information did not include “sensitive customer information” such as email addresses and phone numbers. He said it was not included. .
A person using the online handle Menelik claimed responsibility for both data breaches. In an interview with TechCrunch, Menelik provided a sample of the stolen data, so TechCrunch was able to confirm that the data was legitimate. Menelik also provided a copy of the email he sent to Dell, and the company confirmed to TechCrunch that it had received an email from Menelik about the data breach.
Now, it appears Menelik has discovered another flaw in another Dell portal that allowed it to collect even more customer data.
“We were able to find email and phone number data,” Menelik told TechCrunch. “But I'm not going to do anything about it yet. I'm curious to see how Dell will respond to the current topic. [sic]”
Dell did not respond to TechCrunch's request for comment.
Menelik said he had scraped data for about 30,000 U.S. customers and said the flaw he was exploiting was similar to the bug that allowed him to obtain the original 49 million customer records. However, his second vulnerability prevented him from collecting data as quickly as the first breach.
As first reported by TechCrunch, in the first breach, Menelik said he was able to collect data on Dell customers through a portal where he registered multiple accounts as “partners.” In other words, he pretended he was running a company that resold Dell products and services. Once Dell approves the request, Menelik said he can now brute force the customer service tag, which consists of just a seven-digit number and a consonant.
Menelik posted advertisements on popular hacking forums attempting to sell data. As of this writing, the listing has been removed, and Menelik said it was because the data was sold, but he declined to say how much.
Asked what he plans to do with the new data, Menelik said he hasn't decided yet.
TechCrunch reached out to Ireland's national data protection authority, which did not immediately respond to a request for comment, as some of the scraped data included personal information from customers in the European Union.
inquiry
Do you know more about this Dell hack? Or is it a similar data breach? From your non-work device, on Signal (+1 917 257 1382) or on Telegram, Keybase and Wire @lorenzofb, or by email at Lorenzo Franceschi-Bicchierai You can contact us safely. You can also contact TechCrunch via SecureDrop.