Topics

in vogue

AI

Amazon

Article image

Image Credits:Ramon Costa/SOPA Images/LightRocket / Getty Images

Apps

Biotech & Health

mood

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

fund raise

Gadgets

gage

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

security measures

Social

quad

Startups

TikTok

Transportation

Venture

More from TechCrunch

result

Startup Battlefield

StrictlyVC

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

get through Us

The someone whoclaimed to have stolen the strong-arm addresses of 49 million Dell customersappears to have film more data from a different Dell portal , TechCrunch has learned .

Several report seen by TechCrunch carry icon apparently taken by customers and upload to Dell seek expert support . Some of these pictures hold in metadata revealing the precise GPS coordinates of the locating where the customer took the photos , according to a sample of the scraped data get by TechCrunch .

TechCrunch has confirm that the customers ’ personal information appears genuine .

This is the 2d revelation of exposed Dell customer data in as many hebdomad . Last week , Dell send word customers that it had receive a data breach , saying in an electronic mail that the technology giant was enquire “ an incident need a Dell portal , which contains a database with limited types of client information related to leverage from Dell . ”

The stolen datum included customer names and forcible savoir-faire , as well as less sensitive data point , such as “ Dell hardware and order information , including service ticket , detail description , particular date of order and related to warrantee information . ”

Dell understate the breach at the time , saying that the spill of customer addresses did not position “ a important danger to our customers , ” and that the stolen selective information did not let in “ any highly sensitive customer information , ” such as electronic mail address and phone number .

Join us at TechCrunch Sessions: AI

Exhibit at TechCrunch Sessions: AI

A person who rifle by the online handle Menelik claimed responsibility for both data point breaches . In an interview with TechCrunch , Menelik provided a sample of the datum he slip , which allowed TechCrunch to verify that the data was legitimate . Menelik also provided copies of emails he sent to Dell , and the company confirmed to TechCrunch that it received an e-mail about the data breach from Menelik .

Now , it appear Menelik found another flaw in another Dell vena portae , which allowed him to kowtow more client data .

“ I did incur something for electronic mail and phone number datum , ” Menelik told TechCrunch . “ But I am not going to do anything with it yet . I require to see how Dell responds to current subject . [ sic ] ”

A day after this article was published , an unnamed Dell voice secernate TechCrunch that the companionship is cognisant of the reports and is investigating .

Menelik said that he had scraped the data point of around 30,000 U.S. customers , and tell that the flaws he is exploiting are standardized to the bugs that allowed him to find the first turn of 49 million customer records . But this 2nd exposure prevents him from collecting the data as quickly as during the first breach .

As TechCrunch first describe , in the first falling out Menelik said he was able to scrape Dell customers ’ data from a portal vein where he register several accounts as a “ collaborator , ” mean he feign to go companies that resells Dell product or services . Once Dell approved his asking , Menelik articulate he was able to brute - military group customer service tag end , which are made of seven dactyl of only turn and consonant .

Asked what he plans to do with the novel data , Menelik read that he has n’t decide yet .

Given that some of the grate data contains personal information on customers in the European Union , TechCrunch extend to out to Ireland ’s national data protection authority , which did not like a shot respond to a postulation for comment .

UPDATE , Wednesday May 15 , 2:45 p.m. ET : This tale was update to include Dell ’s commentary .

Do you make love more about this Dell ward-heeler ? Or standardized data breaches ? From a non - work machine , you could reach Lorenzo Franceschi - Bicchierai securely on Signal at +1 917 257 1382 , or via Telegram , Keybase and Wire @lorenzofb , oremail . You also can contact TechCrunch viaSecureDrop .