Security News > 2024 > May > Dell API abused to steal 49 million customer records in data breach

Dell API abused to steal 49 million customer records in data breach
2024-05-10 19:30

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company.

Yesterday, BleepingComputer reported that Dell had begun to send notifications warning customers that their personal data was stolen in a data breach.

This data breach contained customer order data, including warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.

As the portal reportedly did not include any rate limiting, the threat actor claims they could harvest the information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.

TechCrunch first reported Menelik's use of this API to scrape Dell customer data.

Dell warns of data breach, 49 million customers allegedly affected.


News URL

https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1678 29 437 430 109 1005