Security News > 2024 > May > Dell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company.
Yesterday, BleepingComputer reported that Dell had begun to send notifications warning customers that their personal data was stolen in a data breach.
This data breach contained customer order data, including warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.
As the portal reportedly did not include any rate limiting, the threat actor claims they could harvest the information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.
TechCrunch first reported Menelik's use of this API to scrape Dell customer data.
Dell warns of data breach, 49 million customers allegedly affected.
News URL
Related news
- Dell warns of data breach, 49 million customers allegedly affected (source)
- Coding error in forgotten API blamed for massive data breach (source)
- Panda Restaurants discloses data breach after corporate systems hack (source)
- 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element (source)
- UK confirms Ministry of Defence payroll data exposed in data breach (source)
- Largest non-bank lender in Australia warns of a data breach (source)
- Helsinki suffers data breach after hackers exploit unpatched flaw (source)
- Banco Santander warns of a data breach exposing customer info (source)
- Nissan North America data breach impacts over 53,000 employees (source)
- MediSecure e-script firm hit by ‘large-scale’ ransomware data breach (source)