Dell, the multinational information technology company. has announced that it detected and managed to stop unauthorized activity on its network on 9 November 2018. The company has said that no customer data nor any of its products were affected by the hacking attempt.

However, given that the hacking attempt was on their Dell.com customer portal, they have advised customers to change their passwords.

"On November 9, 2018, Dell detected and disrupted unauthorized activity on our network that attempted to extract Dell.com customer information, limited to names, email addresses and hashed passwords. Upon detection, we immediately implemented countermeasures and began an investigation. We also retained a digital forensics firm to conduct an independent investigation and engaged law enforcement. Through that investigation, we found no conclusive evidence that any customer information was taken. Furthermore, there is no indication that any credit card or other sensitive customer information was targeted. We have cybersecurity measures in place that limit the impact of any potential exposure, including the hashing of customers’ passwords. Out of an abundance of caution, we proactively reset Dell.com customers’ passwords to further protect customers and their accounts. No Dell products or services were affected."

Data breaches becoming common

Dell's disclosure of the attempted network and data breach comes not so long after Facebook announced that it had actually suffered a security breach that affected millions of the social network's users. With Facebook, the hack was also reported to have been unusual activity detected on its systems which turned out to be hackers exploiting a flaw that allowed them to take ownership of user access tokens.

This highlights how frequently Big Tech companies, given the amount of sensitive data they store, will become targets for hackers and other malicious actors.

Despite picking up the "unusual activity" on its network. Dell insists that no data breach was suffered.

Full statement by Dell

Dell is announcing that on November 9, 2018, it detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords. Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted. Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure. These include the hashing of our customers’ passwords and a mandatory Dell.com password reset. Credit card and other sensitive customer information was not targeted. The incident did not impact any Dell products or services.

Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement.

In this age of highly sophisticated information security threats, Dell is committed to doing all it can to protect customers’ information. This includes encouraging customers to change passwords for other accounts if they use the same password for their Dell.com account. Dell will continue to invest in its information technology networks and security to detect and prevent the risk of unauthorized activity.

Dell.com customers can find more information on a dedicated web page Dell established at www.dell.com/customerupdate.

Note: This is a developing story and we will update it as soon as we hear back from Dell representatives.


Cover image credit: Dell head office in the USA. Dell