Dell hacker says they were able to to directly attack company servers to scrape data

Benedict Collins

May 13, 2024 at 8:40 AM·2 min read

A threat actor claiming to be behind the recent Dell data breach has said he managed to steal the data of 49 million customers by brute-forcing a company portal and milking it for almost three weeks.

Dell released a statement saying that there was no “significant risk to our customers”, however the data stolen includes names and postal addresses, alongside other data relating to purchases of Dell products.

The hacker, known as Menelik, told TechCrunch exactly how he managed to extract such a huge amount of data without being detected.

Lurker

Menelik set up a number of partner accounts within the Dell company portal which, when approved, allowed the hacker to brute force the customer service tags and gain access to the data. The hacker “sent more than 5,000 requests per minute to this page that contains sensitive information.”

“Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik said.

Dell confirmed to TechCrunch that they received the hackers email notification of the vulnerability, and a spokesperson for the company stated that “this threat actor is a criminal and we have notified law enforcement. We are not disclosing any information that could compromise the integrity of our ongoing investigation or any investigations by law enforcement.”

There is a possibility that customers who were not affected by the breach may have been incorrectly notified that their data was stolen, as TechCrunch provided Menelik with names and service tags of a number of customers to verify against the database (with their permission), and while some were easily found, others were not on the list at all.

More from TechRadar Pro

These are the best privacy tools and anonymous browsers
LLM services are being hit by hackers looking to sell on private info
Check out some of the best malware removal tools

TechCrunch
Threat actor scraped Dell support tickets, including customer phone numbers
The person who claimed to have stolen the physical addresses of 49 million Dell customers appears to have taken more data from a different Dell portal, TechCrunch has learned. The newly compromised data includes names, phone numbers and email addresses of Dell customers. This personal data is contained in customer “service reports,” which also include information on replacement hardware and parts, comments from on-site engineers, dispatch numbers and, in some cases, diagnostic logs uploaded from the customer's computer.
Yahoo Sports
Texans WR Tank Dell takes part in OTAs 3 weeks after being shot
Dell was one of 10 victims shot outside an Orlando bar on April 28.
TechCrunch
Dell discloses data breach of customers' physical addresses
Technology giant Dell notified customers on Thursday that it experienced a data breach involving customers’ names and physical addresses. In an email seen by TechCrunch and shared by several people on social media, the computer maker wrote that it was investigating “an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.” Dell wrote that the information accessed in the breach included customer names, physical addresses and “Dell hardware and order information, including service tag, item description, date of order and related warranty information.”
TechCrunch
Ireland privacy watchdog confirms Dell data breach investigation
A top European privacy watchdog is investigating following the recent breaches of Dell customers' personal information, TechCrunch has learned. Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to TechCrunch that the DPC has received “a breach notification on this matter" — referring to Dell — which is "currently under assessment.”
Yahoo Sports
Texans: Tank Dell 'will make a full recovery' after being shot, but his status for Week 1 isn't clear
Details of Dell's injury remain unclear, and his status for the start of the 2024 season is uncertain.
Yahoo Celebrity
'General Hospital' actor Johnny Wactor killed by car thieves 'without provocation,' police say. Here's where the investigation stands.
Johnny Wactor, former "General Hospital" star, was shot and killed in downtown L.A. Police are now asking for the public's help.
Yahoo Personal Finance
Is mobile banking safe? Keep your personal data secure with these mobile banking security tips.
Mobile banking helps you manage your money from anywhere — but is it safe? Learn more about mobile banking security and the steps you can take to protect your data.
Autoblog
2025 Acura MDX prices rise thanks to new tech and audio
Prices for the 2025 Acura MDX rise from $850 to $2,000 thanks to new tech and a new audio system. The brand also reworked the trim structure at the top.
Yahoo Finance
The Porsche 911 enters its hybrid era
For the first time in its 50-year history, the Porsche 911 is getting electrified, with hybrid power coming to the iconic sports car later this year.
Yahoo Sports
Let's do that hockey
With the NBA about to take a break before its Finals, the NHL takes center stage.
Engadget
The TikTok ban law will be argued in court this September
TikTok will face off with the Justice Department this fall in its bid to stop a law that could lead to a ban of the app in the United States.
Engadget
Ooni's larger, dual-zone Koda 2 Max pizza oven is now available for pre-order
Ooni's largest pizza oven yet allows you to monitor food and ambient temps from your phone. It's now available for pre-order and ships in July.
Yahoo Life Shopping
Drew Barrymore says this cleanser is 'by far the best,' and it's only $12 on Amazon
More than 42,000 five-star fans agree: It's the easiest way to remove makeup, no harsh scrubbing required.
TechCrunch
A comprehensive list of 2024 tech layoffs
The tech layoff wave is still going strong in 2024. Following significant workforce reductions in 2022 and 2023, this year has already seen 60,000 job cuts across 254 companies, according to independent layoffs tracker Layoffs.fyi. Companies like Tesla, Amazon, Google, TikTok, Snap and Microsoft have conducted sizable layoffs in the first months of 2024.
Engadget
T-Mobile to acquire majority of US Cellular, further consolidating carrier market
T-Mobile will acquire most of US Cellular in a $4.4 billion deal. The company hopes to use the acquisition to provide better coverage in rural areas.
TechCrunch
The demise of BaaS fintech Synapse could derail the funding prospects for other startups in the space
Last week, we reported on how Copper Banking, a digital banking service aimed at teens, abruptly discontinued its bank deposit accounts and debit cards. The situation was just one of many where companies and consumers are being impacted by the implosion of banking-as-a-service company (BaaS) Synapse.
Yahoo Life Shopping
Hundreds of tummy-control swimsuits are on sale at Amazon — these are the most flattering, and they're under $40
Make a splash in these fan-favorite one-pieces.
Yahoo Life Shopping
This 'absolutely gorgeous' 10-piece Carote nonstick cookware set is a steal at $80 — that's nearly 50% off
The granite pots and pans produce even results and clean up easily, according to 16,000+ five-star fans.
TechCrunch
YouTube's free games catalog 'Playables' rolls out to all users
YouTube's "app store" for games is rolling out more broadly. The company announced on Tuesday that its collection of lightweight, free games dubbed "Playables" will soon start to appear in the YouTube app for all users, in addition to the YouTube Home page. Previously, the games had been made available to select users for testing before arriving for YouTube Premium subscribers last November.
Yahoo Life Shopping
Walmart's extended Memorial Day sale is a treat — these are the 35 best deals on summer essentials, outdoor faves and more
Post-holiday haul: A Keurig hot and iced coffee maker for $89, an adorable mini projector for just $85 and a robovac-mop combo for $240 off.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Dell hacker says they were able to to directly attack company servers to scrape data

Lurker

More from TechRadar Pro

Recommended Stories

Threat actor scraped Dell support tickets, including customer phone numbers

Texans WR Tank Dell takes part in OTAs 3 weeks after being shot

Dell discloses data breach of customers' physical addresses

Ireland privacy watchdog confirms Dell data breach investigation

Texans: Tank Dell 'will make a full recovery' after being shot, but his status for Week 1 isn't clear

'General Hospital' actor Johnny Wactor killed by car thieves 'without provocation,' police say. Here's where the investigation stands.

Is mobile banking safe? Keep your personal data secure with these mobile banking security tips.

2025 Acura MDX prices rise thanks to new tech and audio

The Porsche 911 enters its hybrid era

Let's do that hockey

The TikTok ban law will be argued in court this September

Ooni's larger, dual-zone Koda 2 Max pizza oven is now available for pre-order

Drew Barrymore says this cleanser is 'by far the best,' and it's only $12 on Amazon

A comprehensive list of 2024 tech layoffs

T-Mobile to acquire majority of US Cellular, further consolidating carrier market

The demise of BaaS fintech Synapse could derail the funding prospects for other startups in the space

Hundreds of tummy-control swimsuits are on sale at Amazon — these are the most flattering, and they're under $40

This 'absolutely gorgeous' 10-piece Carote nonstick cookware set is a steal at $80 — that's nearly 50% off

YouTube's free games catalog 'Playables' rolls out to all users

Walmart's extended Memorial Day sale is a treat — these are the 35 best deals on summer essentials, outdoor faves and more