Connect with us

Hi, what are you looking for?



Dell Resets User Passwords Following Data Breach

Dell informed customers on Wednesday that the passwords for their accounts have been reset after the company recently discovered unauthorized access on its network.

Dell informed customers on Wednesday that the passwords for their accounts have been reset after the company recently discovered unauthorized access on its network.

According to the tech giant, the breach was detected and neutralized on November 9. The attacker apparently attempted to extract user information, limited to names, email addresses and hashed passwords. allows users to purchase Dell devices, services and solutions, and it hosts support services for the company’s products.

Dell’s investigation so far “found no conclusive evidence” that data was actually stolen, but it admitted that at least some of the information could have been exfiltrated. The company claimed credit card and other sensitive information was not exposed.

However, as a precaution, account passwords are being reset and users have been advised to change passwords for other accounts that use the same one. The password reset procedure will also affect the Premier, Global Portal, and (Esupport) online services. and accounts are not impacted, and Dell says the breach has not affected any of its products or services.

“Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement,” the company said in a press release.

Dell has not shared any information on how many users had their information exposed. 

Advertisement. Scroll to continue reading.

“First, Dell states that the attackers attempted to extract ‘…information, which was limited to names, email addresses and hashed passwords.’ They later state that ‘no sensitive information was targeted’. In stressing that the information lost was ‘limited’ to those name, email, and hashed password, and that those items are not sensitive, Dell seems to downplay the extent of the breach,” Sumit Agarwal, co-founder and COO at Shape Security, told SecurityWeek.

“However, in security circles, email and hashed passwords are also known as the keys to the kingdom in terms of giving criminals full access to other accounts belonging to a given user who may have re-used those credentials information elsewhere. It is highly likely that criminals will be able to discover at least some of stolen passwords, unless Dell had in place, particularly sophisticated hashing techniques. Historically, this has not been the case for many companies who were similarly breached, which is why more than 10M username/password pairs per day were stolen, on average, throughout 2017,” Agarwal added.

Related: Dell Patches Vulnerability in Pre-installed SupportAssist Utility

Related: Patches Released for Flaws Affecting Dell EMC, VMware Products

Related: Nine Remotely Exploitable Vulnerabilities Found in Dell EMC Storage Platform

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...