The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company. Dell had started to send notifications warning customers that their personal data was stolen in a data breach. This data breach contained customer order data, including The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company.
  • Telorand@reddthat.comEnglish
    6·
    6 months ago

    So, they stole barely anything better than public information. I guess if you really wanted to, you could use the info to target a specific person with a known zero-day, since you know what hardware they potentially have, but not really something the average person should be worried about.

    It’s interesting that it was so easy to do, though, and I hope Dell audits any other APIs they provide.

    • sugar_in_your_tea@sh.itjust.worksEnglish
      3·
      6 months ago

      My takeaway is targeted scam calls. You take the name and address, look up their phone number, and now you have very specific information to craft a credible scam warranty call or something with.