Dell had begun sending alerts to customers informing them that their personal information had been stolen in a data breach.
The Breach
This data breach compromised customer order data, which included warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.
On April 28th, a threat actor, Menelik, posted the data for sale on the Breached hacking forum, but the administrators quickly removed the post.
Menelik said that they were able to obtain the data after discovering a portal where partners, distributors, and merchants could look up order information.
Menelik claims that by opening many identities under bogus firm names, he could gain access to the portal within two days without verification.
Registering as a Partner is quite simple. You simply fill out an application form, Menelik explained.
APIs are being exploited in data breaches
Easy-to-access APIs have become a major business liability in recent years, with threat actors exploiting them to scrape sensitive data and sell it to other threat actors.
Threat actors linke
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.