If you’ve purchased anything from Dell in the past seven years, it’s likely that the Dark Web now knows as well.
Dell is confirming a data breach that reportedly covers “49 million customer records,” according to Bleeping Computer. While Dell is confirming that a breach occurred, the scope of the breach hasn’t been confirmed. A hacker on the Dark Web is reportedly claiming that the breach involves the 49 million records, with information that dates back seven years ago to 2017.
What Dell is telling people, according to the report, is that name, address, and hardware, service, and order information was leaked. If you’ve purchased anything from Dell, or engaged with customer support for a service or warranty request, that information is likely available to whoever wants to buy the information.
So far, Dell is not saying that any financial information was breached, including credit cards or payment information, or even your telephone number or email address.
That’s good, but as Bleeping Computer points out, it does leave you potentially vulnerable to a physical attack — i.e. someone sending a letter and using your Dell service history as “proof” that the contact is legitimate. Such a followup could include asking for financial information, however, or some other attack that tries to extract personal information.
In a followup, Bleeping Computer reported that the hacker obtained the data via an unsecured API, attached to a partner portal. The hacker revealed that the majority of records were attached to monitors and Dell Inspiron computers.
Right now, Dell doesn’t believe that there is “significant risk,” and they’re probably right if the initial scope of the breach is accurate. If you have purchased a Dell PC or peripheral, though, keep an eye open for suspicious activity.
Updated at 3:27 PM with additional detail from Bleeping Computer.