Dell Data Breach: API Abused to Steal 49 Million Customer Records

The threat actor behind the recent data breach at Dell revealed that he obtained information from 49 million customer records through a partner portal API, which he accessed by posing as a fake company.

According to the report, the breached data contained customer order information, including warranty data, service tags, customer names, installed locations, customer numbers, and order numbers.

THE EXPLOITATION OF VULNERABILITIES

The threat actor known as Menelik claimed that he was able to steal the data after discovering a portal for partners, resellers, and retailers that could be used to search for order information.

Menelik said he accessed the portal by registering multiple accounts under fake company names, and that he was granted access within two days without verification.

 

THE EXPLOITATION OF THE API

Once he had access to the portal, Menelik wrote a program that generated 7-digit service tags and, starting in March, submitted them to the portal page to collect the information returned for each one.

 

LACK OF SECURITY MEASURES

Because the portal did not enforce any rate limiting, the threat actor claims that he was able to collect information from 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.
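The control that was missing here can be sketched as a per-account guard on the lookup endpoint. This is an added example, not code from Dell or from the original article; the class name, thresholds, account names and sample traffic are all constructed assumptions.

```python
from collections import defaultdict, deque

class LookupGuard:
    """Per-account sliding-window guard for a tag-lookup endpoint.
    All thresholds are illustrative assumptions, not Dell's values."""

    def __init__(self, window_s=60, max_requests=60,
                 max_distinct=30, max_miss_ratio=0.5, min_sample=10):
        self.window_s, self.max_requests = window_s, max_requests
        self.max_distinct, self.max_miss_ratio = max_distinct, max_miss_ratio
        self.min_sample = min_sample
        self.events = defaultdict(deque)  # account -> (ts, tag, found)

    def record(self, account, tag, found, now):
        """Log one lookup; return 'allow', 'review' or 'block'."""
        q = self.events[account]
        q.append((now, tag, found))
        while q[0][0] <= now - self.window_s:   # drop events outside window
            q.popleft()
        total = len(q)
        if total > self.max_requests:           # raw volume cap
            return "block"
        distinct = len({t for _, t, _ in q})
        misses = sum(1 for _, _, f in q if not f)
        # Enumeration signature: many different tags, or mostly misses.
        if distinct > self.max_distinct or (
                total >= self.min_sample and misses / total > self.max_miss_ratio):
            return "review"
        return "allow"

def simulate():
    """Replay constructed traffic; return each account's list of verdicts."""
    guard = LookupGuard()
    out = {"partner": [], "script": []}
    # Constructed: a reseller re-checking 5 known tags, one lookup every 3 s.
    for i in range(20):
        out["partner"].append(guard.record("partner", f"TAG{i % 5:04d}", True, i * 3.0))
    # Constructed: 5,000 requests/minute of generated tags, 1 in 4 exists.
    for i in range(5000):
        out["script"].append(guard.record("script", f"GEN{i:04d}", i % 4 == 0, i * 0.012))
    return out

if __name__ == "__main__":
    for account, verdicts in simulate().items():
        print(account, {v: verdicts.count(v) for v in ("allow", "review", "block")})
```

With these limits the scripted account is flagged for review on its 10th request and blocked from its 61st, while the ordinary partner account is never interrupted.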

 

DELL RESPONSE

Menelik claimed to have sent emails to Dell on April 12 and 14 to report the bug to its security team, although he admits to having obtained 49 million records before contacting the company.

Dell confirmed receiving the emails from the threat actor but declined to answer further questions, stating that the incident is the subject of an active investigation by authorities.

 

APIS AS A WEAK POINT

Misuse of easily accessible APIs has become a massive weakness for businesses in recent years, with threat actors abusing them to obtain sensitive data and sell it to others.

 

CONCLUSIONS

This data breach at Dell highlights the critical importance of securing APIs and applying appropriate security measures to protect customer information. The exploitation of these vulnerabilities underscores the urgent need for greater vigilance and protection in the use of APIs in today’s cybersecurity landscape.
