The threat actor behind the recent data breach at Dell said he obtained data on 49 million customer records by querying a partner portal API through accounts he registered under fake company names.
According to the report, the exposed data consisted of customer order information, including warranty data, service tags, customer names, installation locations, customer numbers, and order numbers.
GAINING ACCESS TO THE PORTAL
The threat actor known as Menelik claimed that he was able to steal the data after discovering a portal for partners, resellers, and retailers that could be used to search for order information.
Menelik said he gained access to the portal by registering several accounts under fake company names; the accounts were approved within two days without any verification of the companies.
THE EXPLOITATION OF THE API
Once inside, Menelik wrote a program that generated 7-character service tags and, starting in March, submitted them to the portal's lookup page, which returned the associated order information for every tag that matched a real system.
LACK OF SECURITY MEASURES
Because the portal imposed no rate limiting, the threat actor claims he was able to send roughly 5,000 requests per minute for three weeks, harvesting 49 million customer records without Dell blocking the traffic.
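The two weaknesses described above, an enumerable lookup key and no rate limiting, are the ones a defender would fix and detect first. The following is an added example, not code from the original article or from Dell: a per-account sliding-window limiter for a service-tag lookup endpoint, plus detection logic that replays access-log lines and flags enumeration by request volume and miss ratio. The log format, the account and IP values, the thresholds and the sample lines are all constructed for illustration. Because the actor in this story spread lookups across several fake accounts, the detector groups by source address as well as by account.

```python
"""Per-key rate limiting and enumeration detection for a tag lookup API.

Added example; log format, thresholds and sample data are assumptions for
illustration and are not Dell's.
"""
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Tuple

# Constructed access-log sample (not real data). One line per lookup:
# "<unix_time> <source_ip> <partner_account> <service_tag> <http_status>"
_LEGIT = [
    "1710000000.0 198.51.100.7 acme-resellers ABC1234 200",
    "1710000030.0 198.51.100.7 acme-resellers DEF5678 200",
    "1710000059.0 198.51.100.7 acme-resellers GHJ9012 404",
]
# Three throwaway accounts from one address, ~5 lookups/second, mostly
# guessing tags that do not exist (1 in 5 guesses hits a real record).
_ENUM = [
    f"{1710000000 + i * 0.2:.1f} 203.0.113.9 shell-co-{i % 3} TAG{i:04d} "
    f"{200 if i % 5 == 0 else 404}"
    for i in range(300)
]
SAMPLE_LOG = _LEGIT + _ENUM


def parse(line: str) -> Tuple[float, str, str, str, int]:
    ts, ip, account, tag, status = line.split()
    return float(ts), ip, account, tag, int(status)


class SlidingWindowLimiter:
    """Allow at most max_requests per key within any window_seconds span."""

    def __init__(self, max_requests: int, window_seconds: float) -> None:
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits: Dict[str, deque] = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self._hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) >= self.max_requests:
            return False  # over budget: reject and do not record
        q.append(now)
        return True


def replay_with_limit(lines: Iterable[str], max_per_hour: int = 60) -> Dict[str, int]:
    """Replay the log through a per-account limiter; return rejections per account."""
    limiter = SlidingWindowLimiter(max_per_hour, 3600)
    rejected: Dict[str, int] = defaultdict(int)
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts, _ip, account, _tag, _status = parse(line)
        if not limiter.allow(account, ts):
            rejected[account] += 1
    return dict(rejected)


def detect_enumeration(lines: Iterable[str], window_seconds: float = 60,
                       min_requests: int = 50,
                       min_miss_ratio: float = 0.5) -> Dict[str, List[str]]:
    """Flag accounts and source IPs that issued >= min_requests lookups within
    window_seconds with a 404 ratio >= min_miss_ratio. Grouping by source IP
    catches an actor who spreads lookups over several fake accounts to stay
    under a per-account limit."""
    events = sorted((parse(l) for l in lines), key=lambda e: e[0])
    by_key: Dict[Tuple[str, str], List[Tuple[float, int]]] = defaultdict(list)
    for ts, ip, account, _tag, status in events:
        by_key[("account", account)].append((ts, status))
        by_key[("ip", ip)].append((ts, status))
    flagged: Dict[str, List[str]] = {"account": [], "ip": []}
    for (kind, key), evs in by_key.items():
        window: deque = deque()
        misses = 0
        for ts, status in evs:
            window.append((ts, status))
            misses += status == 404
            while ts - window[0][0] >= window_seconds:
                _, old = window.popleft()
                misses -= old == 404
            if len(window) >= min_requests and misses / len(window) >= min_miss_ratio:
                flagged[kind].append(key)
                break
    return flagged


if __name__ == "__main__":
    print("rejected per account:", replay_with_limit(SAMPLE_LOG))
    print("flagged:", detect_enumeration(SAMPLE_LOG))
```

On the sample, the legitimate reseller is never rejected or flagged, each throwaway account loses 40 of its 100 lookups to the hourly cap, and the detector flags all three accounts and their shared source address. A per-account cap alone only slows an actor who can register more accounts, which is why the detection also keys on the source address and why the registration step needs real verification.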
DELL RESPONSE
Menelik claimed to have emailed Dell on April 12 and 14 to report the issue to Dell's security team, though he admits he had already harvested the 49 million records before contacting the company.
Dell confirmed receiving the emails from the threat actor but declined to answer further questions, stating that the incident is under active investigation by the authorities.
APIS AS A WEAK POINT
Abuse of poorly protected, easily reachable APIs has become a major weakness for businesses in recent years, with threat actors using them to harvest sensitive data and sell it to others.
CONCLUSIONS
The data breach at Dell highlights the critical importance of securing APIs and applying appropriate controls to protect customer information: verifying who is granted partner access, rate-limiting and monitoring lookups, and treating predictable identifiers such as service tags as enumerable. The ease with which these weaknesses were abused underscores the need for greater vigilance and protection in the use of APIs in today's cybersecurity landscape.