Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally identifiable information (PII) had been compromised in a data breach. This breach encompassed customer order details, such as warranty specifics, service tags, names of customers, installation addresses, customer IDs, and order references.

Via email communication, the computer and IT product manufacturer alerted users that it is currently probing an occurrence involving a Dell platform housing restricted categories of customer data linked to purchases made by the company. On April 28th, an individual identified as Menelik posted the data for sale on the Breached hacking forum, but moderators swiftly removed the post. The image below shows the post by the malicious threat actor on the forum.

**How did API abuse lead to the Dell data leakage?**

In an exclusive conversation with BleepingComputer, threat actor Menelik disclosed that they were able to access and steal the data after coming across a portal that was used by resellers, partners, and retailers to access order information. Menelik claimed to have gained entry into the portal by registering multiple accounts using fabricated company names, successfully obtaining access within just two days without any verification. Speaking to…
Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

