Dell announces security breach | ZDNet
Hardware giant Dell announced today a security breach that took place earlier this month, on November 9.
Dell says it detected an unauthorized intruder (or intruders) “attempting to extract Dell.com customer information” from its systems, such as customer names, email addresses, and hashed passwords.
The company didn’t go into details about the complexity of the password hashing algorithm. Some of these –such as MD5– can be broken within seconds to reveal the plaintext password.
“Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted,” Dell said today in a press release.
The company also said hackers didn’t target payment card or any other sensitive customer information, and that the incident didn’t cause a disruption of its normal services at the time of the breach or after.
After announcing the incident today, Dell initiated a password reset for all Dell.com customer accounts.
The company said it notified law enforcement, and also hired a digital forensics firm to perform an independent investigation.
Based on currently revealed details, Dell appears to have exposed very little information associated with its official website, where most users come to shop official products or have discussions on its official support forums.
While Dell has downplayed the incident’s impact, it is worth mentioning that many breached companies amend these initial revelations as their investigations advance.
Besides resetting passwords, Dell.com users should manually review what information they’ve stored in their respective accounts. In case they’ve saved financial information, they should keep an eye on card statements, to be on the safe side.
This is a developing story. ZDNet has reached out to Dell with some questions to clarify some details regarding the incident. The article might receive corrections and new information as it becomes available.