Jun 04 2024

Intern’s Corner – 49 Million Customer Records were Stolen from Dell in a Major Data Breach

We’re thrilled to introduce a new blog series, the “Intern’s Corner”, created by our talented interns. Over the next few months they will be sharing their perspectives, ideas, and insights on a variety of cybersecurity topics. Our interns bring great enthusiasm to the team, and we can’t wait to see what they create!

By: Jake Parisi and Zev Gabriel

This past month, confidential information on anyone who made a purchase with Dell within seven years was hacked, concerning many of its customers. 

The breach occurred through an unsecured API. The hacker, Menelik, claimed BreachForums on on the dark web marketplace, obtaining access to the data. Menelik fraudulently registered himself as a Dell Partner, allowing him to resell Dell products and gain access to the database. Database access was used to repeatedly request information from the system – at more than 5000 requests per minute. Menelik remained undetected for three weeks, managing to exfiltrate 49 million records. 

One cannot stress the gravity of a breach enough. Receivers of these emails were duped into disclosing private, classified information. Phishing attempts are common for attackers who use stolen information to increase trustworthiness. 

This is a vital educational opportunity for those in IT, cybersecurity, or data protection positions. A better understanding of this hacking strategy strengthens development of security plans for the future. Companies must prioritize data security and ensure protocols are in place to detect and respond to breaches promptly. This emphasizes the importance of cybersecurity procedures to safeguard client data.