Dell suffers security breach, reset customer passwords (but didn’t tell customers why until now)

Graham Cluley

Dell thumb

Dell suffers security breach, resets customer passwords

Computer manufacturer Dell has revealed that earlier this month it discovered that hackers had breached its security and were attempting to access customer details – including names, email addresses, and hashed passwords.

Affected sites are said to include Dell.com, Premier, Global Portal and support.dell.com (‘Esupport’), but it’s important to note that there is no reason to believe that customers’ financial information has been accessed.

Dell statement

On November 9, 2018, Dell detected and disrupted unauthorized activity on our network that attempted to extract Dell.com customer information, limited to names, email addresses and hashed passwords. Upon detection, we immediately implemented countermeasures and began an investigation. We also retained a digital forensics firm to conduct an independent investigation and engaged law enforcement.

The attack, which is said to have been spotted on Friday November 9, 2018, is said to have been “disrupted” by Dell’s security team. Nonetheless, as Reuters reports, when Dell reset customers’ passwords five days later “out of an abundance of caution” it did not reveal that it was taking the step because it had been targeted by hackers.

What also needs to be communicated is the importance of ensuring that you never reuse the same password on multiple websites. If a hacker were able to steal a password from one breached website then one of the first things they will try to do is use that very same password on other websites in an attempt to unlock your other online accounts.

One of the best pieces of advice I can give you is to always use strong, unique passwords and to store them safely inside a password manager program.

To learn more about password security you can do a lot worse than listen to this episode of the “Smashing Security” podcast:

Smashing Security #99: 'Passwords - A Smashing Security splinter (replay)'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES