Dell may have suffered another fairly embarrassing hack

Some of the data even belongs to customers in the European Union, which might trigger GDPR with EU regulators.

Selling the intel

For now, TechCrunch says it has seen the data and it appears to be authentic. Speaking to the publication, the hacker said that at this time there are no concrete plans for the database: “I did find something for email and phone number data,” Menelik told TechCrunch. “But I am not going to do anything with it yet. I want to see how Dell responds to current topic.”

News recently broke of a hacker stealing, and offering to sell, information on postal addresses belonging to 49 million Dell customers, among other things. The data was grabbed by the same threat actor, Menelik, apparently from different Dell portals. They did it by registering multiple “partner” accounts, and then brute-forcing customer service tags. 

The initial batch of 49 million entries was put up for sale on a dark web portal and soon after, the post was removed. That suggests that Menelik managed to sell the database to someone, although until the information is abused in one way or another, it’s impossible to tell. So far, there are no reports of anyone using the information for any malicious purposes.

More from TechRadar Pro

• MacOS devices are being targeted with PyPI backdoor to sneak into corporate networks
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now