Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Dell Resets User Passwords Following Data Breach

Dell informed customers on Wednesday that the passwords for their Dell.com accounts have been reset after the company recently discovered unauthorized access on its network.

Dell informed customers on Wednesday that the passwords for their Dell.com accounts have been reset after the company recently discovered unauthorized access on its network.

According to the tech giant, the breach was detected and neutralized on November 9. The attacker apparently attempted to extract Dell.com user information, limited to names, email addresses and hashed passwords.

Dell.com allows users to purchase Dell devices, services and solutions, and it hosts support services for the company’s products.

Dell’s investigation so far “found no conclusive evidence” that data was actually stolen, but it admitted that at least some of the information could have been exfiltrated. The company claimed credit card and other sensitive information was not exposed.

However, as a precaution, Dell.com account passwords are being reset and users have been advised to change passwords for other accounts that use the same one. The password reset procedure will also affect the Premier, Global Portal, and support.dell.com (Esupport) online services. DellEMC.com and DellTechnologies.com accounts are not impacted, and Dell says the breach has not affected any of its products or services.

“Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement,” the company said in a press release.

Dell has not shared any information on how many users had their information exposed. 

“First, Dell states that the attackers attempted to extract ‘…information, which was limited to names, email addresses and hashed passwords.’ They later state that ‘no sensitive information was targeted’. In stressing that the information lost was ‘limited’ to those name, email, and hashed password, and that those items are not sensitive, Dell seems to downplay the extent of the breach,” Sumit Agarwal, co-founder and COO at Shape Security, told SecurityWeek.

Advertisement. Scroll to continue reading.

“However, in security circles, email and hashed passwords are also known as the keys to the kingdom in terms of giving criminals full access to other accounts belonging to a given user who may have re-used those credentials information elsewhere. It is highly likely that criminals will be able to discover at least some of stolen passwords, unless Dell had in place, particularly sophisticated hashing techniques. Historically, this has not been the case for many companies who were similarly breached, which is why more than 10M username/password pairs per day were stolen, on average, throughout 2017,” Agarwal added.

Related: Dell Patches Vulnerability in Pre-installed SupportAssist Utility

Related: Patches Released for Flaws Affecting Dell EMC, VMware Products

Related: Nine Remotely Exploitable Vulnerabilities Found in Dell EMC Storage Platform

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.