The Company says it detected an intrusive company the start of the month, but financial data was not exposed.
US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9.
Dell says it detected an unauthorized intruder (or intruders) "attempting to extract Dell.com customer information" from its systems, such as customer names, email addresses, and hashed passwords. The company didn't go into details about the complexity of the password hashing algorithm, but some of these --such as MD5-- can be broken within seconds to reveal the plaintext password.
In a statement sent to ZDNet, Dell said it's still investigating the incident, but said the breach wasn't extensive, with the company's engineers detecting the intrusion on the same day it happened. A Dell spokesperson declined to give out a number of affected accounts, saying "it would be imprudent to publish potential numbers when there may be none."
The company also said hackers didn't target payment card or any other sensitive customer information, and that the incident didn't cause a disruption of its normal services at the time of the breach or after.
Dell initiated a password reset for all Dell.com customer accounts after it detected the intrusion earlier this month.
The company said it notified law enforcement, and also hired a digital forensics firm to perform an independent investigation.
Based on currently revealed details, Dell appears to have exposed very little information associated with its official website, where most users come to shop official products or have discussions on its official support forums.
While Dell has downplayed the incident's impact, it is worth mentioning that many breached companies amend these initial revelations as their investigations advance.
SOURCE:
No comments:
Post a Comment