What the Dell? Customer passwords reset after miscreants break into Big Mike's IT emporium

Round Rock insists no data actually swiped after intruder spotted on internal network

Michael Dell, photo: Dell
Michael Dell, in happier times

Dell is resetting all customer passwords on its website after a hacker or hackers unknown infiltrated its internal network.

Big Mike's server and PC biz says that the move is a precautionary measure after someone broke in and tried to get into a database containing customer names, email addresses, and hashed passwords, in what the IT giant is calling a "Potential Cybersecurity Incident." The tech slinger reckons the miscreants left empty handed.

The saga began on November 9, when Dell says its admins detected an unauthorized user on the network attempting to access customer account data. While the offending party was promptly booted, Dell isn't sure what they were able to get, if anything.

"Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted," Dell said today in a statement disclosing the daring cyber-heist bid.

"Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure."

No payment card information was accessed, and Dell said that none of its other services were affected by the network security breach, including Dell's EMC and DellTechnologies.com sites.

While Dell works to determine just what, if anything, the hackers may have been able to access, the company is resetting and then hashing the passwords. Anyone who might have re-used their Dell.com password on another site (for the nth time; don't do this) is being advised to change those credentials as well.

smashed spectacles

Vision Direct 'fesses up to hack that exposed customer names, payment cards

READ MORE

"Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation," the IT hardware giant said.

"Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement."

A website has been set up to keep customers updated on any further developments in the case.

If the early indications are to be believed, Dell looks to have dodged a bullet. As no personal information or card details were accessed, the hardware vendor will not need to pay up for credit monitoring or identity protection service for customer. Once the password is reset, Dell says customers will be protected even if that information was found to have been stolen at all.

Still, the incident should come as a wake-up call to administrators and users alike. If one of the largest computing companies in the world can be at least partially breached by hackers, smaller companies can easily fall victim themselves. ®




Biting the hand that feeds IT © 1998–2018