The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company. Dell had started to send notifications warning customers that their personal data was stolen in a data breach. This data breach contained customer order data, including The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company.
So, they stole barely anything better than public information. I guess if you really wanted to, you could use the info to target a specific person with a known zero-day, since you know what hardware they potentially have, but not really something the average person should be worried about.
It’s interesting that it was so easy to do, though, and I hope Dell audits any other APIs they provide.
My takeaway is targeted scam calls. You take the name and address, look up their phone number, and now you have very specific information to craft a credible scam warranty call or something with.
“We’re calling about your monitor’s extended warranty…”