Attackers were trying to exfiltrate customer data (i.e. names, email addresses, and hashed passwords) from the company portal Dell.com, from support.dell.com websites.
Wednesday that its online electronics marketplace experienced a “cybersecurity incident” earlier this month when an unknown group of hackers infiltrated its internal network.
As a precautionary measure, Dell forced reset passwords for all accounts on Dell.com website, the company also announced additional measures to mitigate potential effects of the incident.
At the time it is still unclear if hackers succeeded in stealing customer information, the investigation is still ongoing and Dell hasn’t shared any technical details on the intrusion. Dell hired a digital forensics firm to conduct an investigation and reported the incident to law enforcement.
“On November 9, 2018, Dell detected and disrupted unauthorized activity on our network that attempted to extract Dell.com customer information, limited to names, email addresses and hashed passwords,” read the data breach notification published by Dell.
“Upon detection, we immediately implemented countermeasures and began an investigation. We also retained a digital forensics firm to conduct an independent investigation and engaged law enforcement.”
The tech firm confirmed that payment information and Social Security numbers were not exposed due to the security breach.
“Credit card and other sensitive customer information was not targeted. The incident did not impact any Dell products or services.” continues Dell.
Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation.”
Customers having a Dell account or that contacted the online support can find more information on a dedicated web page Dell established at www.dell.com/customerupdate.
Customers need to change passwords for any other account on other services if they use the same password for their Dell.com account.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.