D-Link confirms data breach after employees hit with phishing attack

News
By Sead Fadilpašić
published

Company says leaked data is outdated and irrelevant

Petya nagscreen
(Image credit: Wikipedia)

Network gear maker D-Link has confirmed it suffered a breach that saw internal data stolen, but claims the data isn’t actually that useful to malicious actors. 

The company said two employees fell victim to a phishing attack that gave the attacker access to the company’s endpoints

To remedy the problem, D-Link shut down the breached servers and disabled the accounts in question.

Test environment

Earlier this month, a threat actor posted a new thread on a dark web forum, claiming to have stolen product source codes and identity information on customers, employees, and even the CEO.

"I have breached the internal network of D-Link in Taiwan, I have 3 million lines of customer information, as well as source code to D-View extracted from system," the attacker was cited saying. "This does include the information of MANY government officials in Taiwan, as well as the CEOs and employees of the company."

Apparently, the data that was stolen includes people’s names, emails, addresses, phone numbers, account registration dates, and the users' last sign-in dates. The attacker is asking for $500 for the database and has offered a handful of samples. 

However, the samples seem to be from a decade ago, something other forum members were quick to spot. 

As D-Link further explained, the attacker stole the data from a “test lab environment”, an outdated server that reached end-of-life in 2015. Also, the company said that the attacker stole some 700 records, and not millions, as they’re claiming.

"Based on the investigations, however, it only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years," D-Link said. "These records originated from a product registration system that reached its end of life in 2015. Furthermore, the majority of the data consisted of low-sensitivity and semi-public information."

The company hinted that the threat actor is trying to trick people into thinking they have a more relevant database on their hands, and concluded that the current customers shouldn’t be affected by the incident.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.