TechCrunch has uncovered another significant data breach at Dell, where an individual using the alias "Menelik" managed to extract detailed customer information from another Dell portal. This breach comes shortly after Dell confirmed an earlier incident, making it the second such disclosure in recent weeks.
The newly accessed data comprises names, phone numbers, email addresses, and specific details from customer service reports. These reports also include information about replacement hardware, parts, comments from engineers, dispatch numbers, and occasionally, diagnostic logs from customers’ computers. Moreover, several reports contained customer-uploaded images with metadata that disclosed precise GPS locations.
TechCrunch verified the authenticity of the personal information exposed, underscoring the seriousness of the breach. Menelik, who also claimed responsibility for the previous breach involving 49 million customer records, revealed that this latest vulnerability allowed access to about 30,000 U.S. customers’ data. He mentioned that the flaw exploited was similar to the previous one but limited the speed at which data could be scraped.
In the prior breach, Dell notified its customers of compromised data that included names, physical addresses, and various order details, which the company initially downplayed as posing minimal risk. However, the recent findings indicate the exposure of more sensitive information, contradicting Dell’s earlier reassurances.
Menelik communicated with TechCrunch, providing samples of the stolen data and copies of communications he had with Dell regarding the breaches. He stated his current intentions regarding the newly scraped data are undecided, waiting to see Dell’s response to the situation.
This breach’s timing and nature have raised concerns, especially since some data pertains to customers in the European Union, prompting TechCrunch to contact Ireland’s national data protection authority, which has yet to respond.
Dell has not commented on these latest developments. As the situation unfolds, the implications for customer privacy and Dell’s cybersecurity measures remain a significant concern.