Dell API abused to steal 49 million customer records in data breach

The threat actor behind the recent Dell data breach revealed that they scraped the information of 49 million customer records using a partner portal API, which they accessed by registering as a fake company.
Yesterday, BleepingComputer reported that Dell had begun to send notifications warning customers that their personal data was stolen in a data breach.
The stolen data contained customer order information, including warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.
As the portal reportedly did not include any rate limiting, the threat actor claims they could harvest the information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.
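An added example, not taken from the article or from Dell, of a control for the gap described above: a per-key sliding-window rate limit combined with a cap on distinct records fetched per hour. The class name, thresholds, API key and record IDs are assumptions, the traffic is constructed, and it assumes each request looks up one record.

```python
from collections import Counter, defaultdict, deque

MINUTE_MS, HOUR_MS = 60_000, 3_600_000

class PartnerApiGuard:
    """Per-key sliding-window rate limit plus a cap on distinct records per hour."""

    def __init__(self, max_per_min=300, max_distinct_per_hour=2000):
        # Both thresholds are assumed policy values, not figures from the article.
        self.max_per_min = max_per_min
        self.max_distinct_per_hour = max_distinct_per_hour
        self.recent = defaultdict(deque)    # key -> timestamps of served requests, last minute
        self.history = defaultdict(deque)   # key -> (timestamp, record_id), last hour
        self.seen = defaultdict(Counter)    # key -> record_id -> lookups in last hour
        self.suspended = set()              # keys held for manual review

    def check(self, ts_ms, api_key, record_id):
        """Return 'allow', 'throttle' (answer 429) or 'suspend' (disable key, alert)."""
        if api_key in self.suspended:
            return "suspend"
        recent, history, seen = self.recent[api_key], self.history[api_key], self.seen[api_key]
        while recent and ts_ms - recent[0] >= MINUTE_MS:
            recent.popleft()
        while history and ts_ms - history[0][0] >= HOUR_MS:
            _, old_id = history.popleft()
            seen[old_id] -= 1
            if seen[old_id] == 0:
                del seen[old_id]
        if len(recent) >= self.max_per_min:
            return "throttle"
        if record_id not in seen and len(seen) >= self.max_distinct_per_hour:
            self.suspended.add(api_key)     # bulk enumeration, not normal partner use
            return "suspend"
        recent.append(ts_ms)
        history.append((ts_ms, record_id))
        seen[record_id] += 1
        return "allow"

def simulate(rate_per_min, minutes, guard, api_key="partner-key-1"):
    """Constructed traffic: one key, evenly spaced requests, a new record ID each time."""
    counts = Counter()
    for i in range(rate_per_min * minutes):
        ts_ms = i * MINUTE_MS // rate_per_min
        counts[guard.check(ts_ms, api_key, f"ID{i:08d}")] += 1
    return dict(counts)

if __name__ == "__main__":
    # 5,000 requests per minute is the rate the article reports; 10 minutes keeps the run short.
    print(simulate(5000, 10, PartnerApiGuard()))
```

With these assumed thresholds, the key is suspended in the seventh minute after serving 2,000 records, while a partner making 60 lookups per minute is never throttled.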
TechCrunch first reported Menelik's use of this API to scrape Dell customer data.
Dell warns of data breach, 49 million customers allegedly affected.