In a shocking revelation, a threat actor claims to have obtained 49 million Dell customer records by brute-forcing an online company portal and scraping customer data directly from Dell’s servers. TechCrunch verified that some of the scraped data matches the personal information of Dell customers.
Dell sent an email to customers acknowledging a data breach that included customer names, physical addresses, and order information. Despite downplaying the breach’s impact, the threat actor revealed that he registered as a “partner” on a Dell portal, gaining access to sensitive customer service tags.
The threat actor admitted to sending thousands of requests per minute to extract data over a three-week period before notifying Dell of the vulnerability. Screenshots of emails sent to Dell in mid-April were shared, confirming the company received the notifications.
The stolen database of Dell customers’ data was listed on a hacking forum, with TechCrunch confirming the legitimacy of the information by cross-referencing names and service tags with breach notification recipients.
While Dell has not disclosed who the physical addresses belong to, TechCrunch’s analysis suggests they relate to the original purchaser of Dell equipment. Dell did not dispute these findings when questioned.
In response to the threat actor’s claims, Dell stated they were already investigating the incident before receiving the email and have notified law enforcement. The company emphasized the criminal nature of the threat actor and vowed to protect the integrity of their ongoing investigation.