Dell may have suffered another fairly embarrassing hack

News
By
published

Menelik strikes again

Two cybercriminals escape with stolen login credentials
(Image credit: Getty Images)

The recent major Dell data breach seems to be a bit more damaging than initially thought, after reports the same threat actor managed to abuse the same flaws to steal even more data.

A hacker going by Menelik recently managed to steal sensitive data on 30,000 Dell customers. The data includes people’s names, phone numbers, email addresses, service reports, data on hardware replacement, various hardware components, customer device diagnostic logs, and more. In some instances, the data even included photos taken by Dell customers which, among the metadata, included precise GPS locations of where the photos had been taken.

Some of the data even belongs to customers in the European Union, which might trigger GDPR with EU regulators.

Selling the intel

For now, TechCrunch says it has seen the data and it appears to be authentic. Speaking to the publication, the hacker said that at this time there are no concrete plans for the database: “I did find something for email and phone number data,” Menelik told TechCrunch. “But I am not going to do anything with it yet. I want to see how Dell responds to current topic.”

News recently broke of a hacker stealing, and offering to sell, information on postal addresses belonging to 49 million Dell customers, among other things. The data was grabbed by the same threat actor, Menelik, apparently from different Dell portals. They did it by registering multiple “partner” accounts, and then brute-forcing customer service tags. 

The initial batch of 49 million entries was put up for sale on a dark web portal and soon after, the post was removed. That suggests that Menelik managed to sell the database to someone, although until the information is abused in one way or another, it’s impossible to tell. So far, there are no reports of anyone using the information for any malicious purposes.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.