Dell Data Breach: 49M Customer Records Exposed

In a data breach that has caused anxiety about security and privacy, Dell, a technology hardware giant, has admitted to its occurrence having affected 49 million customer records. The unsecured API linked to a partner portal allowed hackers to swipe a huge amount of information about customers from Dell’s database.

Dell Data Breach Customer Records: Source Daily Dark Web
Dell customer data on Breach Forums
Source: Daily Dark Web

Methodology of the Breach

The hacker, known as Menelik, shared his methodology with TechCrunch .

“Believe me or not, I kept doing this for nearly 3 weeks and Dell did not notice anything. Nearly 50 Million requests…After I thought I got enough data, I sent multiple emails to Dell and notified the vulnerability. It took them nearly a week to patch it all up,” Menelik said.

Dell on the other hand, responded with “Let’s keep in mind, this threat actor is a criminal and we have notified law enforcement.”

  • Exploiting Partner Accounts: The threat actor created multiple “partner” firms known by different names for multiple accounts thereby leading in access to sensitive customer records.
  • Scraping Customer Data: They stole huge amounts of client data directly from Dell’s servers including personal particulars and purchase information.
  • Persistence and Volume: For nearly three weeks, the perpetrator launched an unyielding onslaught of appeals that led to almost 50 million records.
  • Reporting:  They emailed Dell on April 12th and 14th to report the bug to Dell security team
Dell Data Breach Customer Records: Email to Dell from Menelik
Email sent to Dell about partner portal flaw
Source: Menelik

“Prior to receiving the threat actor’s email, Dell was already aware of and investigating the incident, implementing our response procedures and taking containment steps. We have also engaged a third-party forensics firm to investigate.”

Stolen Data Details

The exposed data has customer order data, including warranty information, service tags, names, locations, customer numbers, and order numbers.

The hacker, Menelik says the stolen customer records include the following hardware breakdown:

  • Monitors: 22,406,133
  • Alienware Notebooks: 447,315
  • Chromebooks: 198,713
  • Inspiron Notebooks: 11,257,567
  • Inspiron Desktops: 1,731,767
  • Latitude Laptops: 4,130,510 
  • Optiplex: 5,177,626
  • Poweredge: 783,575
  • Precision Desktops: 798,018
  • Precision Notebooks: 486,244
  • Vostro Notebooks: 148,087
  • Vostro Desktops: 37,427
  • Xps Notebooks: 1,045,302
  • XPS/Alienware desktops: 399,695

Mitigation Efforts

Incident response protocols were deployed by Dell, containment strategies were employed, and external forensic experts were contracted to investigate and fix vulnerabilities.

Conclusion

Dell has advised customers to remain vigilant at all times by reporting any suspicious activities associated with their accounts or purchases as soon as possible.

Dell Email to Customers

The 49 million customer purchase data between 2017-2024 looks like the perfect phishing bait. Anyone posing as dell representative can trick users into clicking links and being set up for credential theft.

We need to prevent a phishing incident like those that rocked Okta, Dropbox and Lastpass. It becomes imperative to fortify your organization with robust authentication methods. Embracing passwordless authentication could be precisely the solution needed. After all, if you don’t possess traditional credentials, they can’t be stolen, can they?

Read Also

Massive Data Breach: 125 Million Records Exposed Due to Firebase Misconfiguration

CASPR – The Ultimate Code Defender

Amidst the fear of breaches and mishaps, a beacon of hope emerges : PureAUTH CASPR. This innovative solution redefines code security by tackling the inherent vulnerabilities in source control systems, paving the way for a new era of trust and integrity in software development.

Overview

Source control, pivotal in any project, demands vigilance against malicious code. Yet, traditional commit signing places the onus on developers, leaving organizations vulnerable to rogue actors. Enter PureAUTH CASPR, a security revolution for a paradigm shift in securing code repositories.

Security Challenges

For IT security teams, configuring repositories and user access control is paramount. Meanwhile, developers grapple with integrating security practices without impeding release cycles, especially in large teams where enforcing consistency proves daunting.

Developer Challenges

Security is a luxury, not a necessity between the junior developers. Deadlines, Lack of Awareness, and human error at developer’s side is very much possible. Such occurrences can compromise the CI/CD pipeline, and allow un-trusted commits and data to seep in.

GitGuardian saw a massive 1,212x increase in the number of OpenAI API keys leaked on GitHub compared to 2022, leaking an average of 46,441 API keys per month, achieving the highest growing data point in the report.

Our Solution

PureAUTH CASPR empowers organizations to uphold a trusted codebase through seamless integration with user-authenticated profiles. By leveraging trusted signing keys tied to corporate machines, developers ensure commit integrity while thwarting insider threats upon employee separation.

Key Benefits

  1. Trust Your Keys, Zero Trust: Generate GPG key-pairs recognised and trusted by PureAUTH using AuthVR5. Reject commits signed with unauthorised keys.
  2. Revocation On Departure: Revoke signing keys instantly when employees leave, directly from Active Directory, eliminating the risk of delayed access removal.
  3. Passwordless Authentication, Security Made Easy: Utilise passwordless authentication for DevOps platform login, eliminating password leaks and phishing threats.
  4. Effortless Key Management: Developers can easily generate GPG keys and configure repositories, streamlining the authentication process.
  5. Trust But Verify: Verify each commit in the CI/CD pipeline, ensuring it’s signed with AuthVR5-generated keys by current organization-affiliated developers.

How it Works

  1. Administrator onboards users onto PureAUTH platform.
  2. User creates AuthVR5 profile.
  3. User generates trusted GPG key-pair.
  4. Repository configured for AuthVR5 commit signing.
  5. User signs commits using AuthVR5.
  6. Code pushed to DevOps platform.
  7. Code Defender CI/CD module verifies signatures.
  8. Deployment halted if checks fail; admin notified.
CASPR, Code Security Revolution Process

With PureAUTH CASPR, the era of compromised code and breached repositories draws to a close. Embrace the future of code security, safeguarding your digital assets with confidence and resilience.

Read Also

Massive Data Breach: 125 Million Records Exposed Due to Firebase Misconfiguration

Introduction

Logykk, xyzeva, and MrBruh have unveiled a troubling truth: 900+ sites suffered a Firebase misconfiguration, exposing 125M user records. The records contain plaintext passwords and sensitive billing information.

Scanning for Vulnerabilities

Initially, researchers employed a Python scanner, but it proved impractical due to memory consumption issues. Subsequently, they turned to Go-based scanning, which, though expected to conclude in 11 days, actually took nearly 2 to 3 weeks, producing valuable insights.

Identifying Misconfigurations

To expedite the process, researchers compiled a shortlist of potentially affected websites and developed the “Catalyst” scanner. This tool identifies read access to Firebase collections and calculates the impact of exposed data, facilitating efficient analysis.

Uncovering Disturbing Findings

The resulting database revealed alarming statistics: 84 million names, 106 million email addresses, 33 million phone numbers, 20 million passwords, and 27 million pieces of billing information were compromised. What’s more interesting, is that 98% of passwords, or 19,867,627 to be exact, are in plain text. The researchers added that these numbers should be taken with a grain of salt. Real numbers of impact can be much larger. Among the impacted sites were Silid LMS, Lead Carrot, and MyChefTool, with millions of user records exposed, underscoring the severity of the breach.

Numbers of Firebase Misconfiguration Data Breach
Private Database of exposed user records
source: xyzeva

Aftermath and Response

Despite efforts to notify affected organizations, the response was modest, with only 200 misconfigurations rectified. Notably, some gambling websites attempted to downplay the issue, even offering flirtatious responses.

  • 842 Emails sent over 13 days
  • 85% Emails delivered
  • 9% Emails bounced
  • 24% of Site owners fixed the misconfiguration
  • 1% of Site owners emailed us back
  • 0.2% (2) Sites owners offered a bug bounty

Conclusion: Strengthening Security Posture

While data breaches may appear unavoidable, proactive measures can significantly mitigate risks. Adopting a zero-trust approach, coupled with just-in-time access architecture, offers essential protection against unauthorised access. PureID provides cutting-edge solutions, including passwordless technology and advanced authentication frameworks like ZITA. By prioritising robust cybersecurity measures and leveraging innovative solutions, organizations can bolster their defences and safeguard sensitive data in today’s increasingly vulnerable digital landscape.

Protect Your Privacy on X: Understanding the IP Address Sharing Issue

Introduction

X, formerly Twitter, launches voice and video calls, sparking privacy concerns among users about IP address sharing. Protecting personal information becomes paramount, prompting users to explore disabling options within X’s settings for enhanced privacy awareness and protection.

The Issue

X’s calling feature shares users’ IP addresses with callers by default, potentially exposing sensitive location details. This means that when you make or receive a call on X, the other party can see your town, city, or postcode without your explicit consent.

The Risk

Exposing your IP address on X can lead to privacy risks, including location tracking and potential harassment. This information can be used by malicious actors to identify your physical location and possibly target you with unwanted communication or even physical harm.

Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages - Elon Musk (28 Apr 2022) X Sharing IP Address

In his April 2022 tweet, Musk explicitly advocates for end-to-end encryption in Twitter DMs to prevent spying or hacking of messages. This reflects his strong belief in the need for robust security measures to protect users’ privacy and sensitive information. However, the recent implementation of X’s calling feature, which shares users’ IP addresses by default, appears to contradict Musk’s commitment to data security.

Safeguarding Yourself

Here’s how you can protect your IP Address from being exposed:-

1: Access Your Settings: Open the X app and go to your profile picture icon to access your account settings.

2: Navigate to Privacy Settings: Select “Settings and Privacy,” then choose “Privacy and Safety” to find the relevant options.

3: Disable IP Address Sharing: Find the option related to audio and video calling settings in the “Direct Messages” section. Toggle off the default setting that shares your IP address with callers. This will prevent others from seeing your location when you make or receive calls on X.

4: Verification: After disabling the default setting, verify that the feature is indeed turned off to ensure your IP address won’t be shared during calls.

User Awareness:

It’s important to raise awareness among X users about the default setting that shares IP addresses during calls and how to disable it. By informing others about this issue, you can help protect their privacy as well.

Conclusion:

By understanding the issue and taking proactive steps to disable IP address sharing, you can enjoy the benefits of X’s calling feature while minimising potential risks to your privacy and security. Stay informed and vigilant to safeguard your personal information online.

Read Also:

GitHub’s Battle Against Malicious Forks : A Security Challenge

Introduction

GitHub, a leading software development platform, faces a grave security threat posed by millions of malicious repository forks. Since mid-2023, attackers have exploited GitHub’s ecosystem, employing sophisticated tactics to infiltrate legitimate repositories and spread malware.

The Attack

The attack involves cloning existing repositories, injecting malware, and uploading them back to GitHub under the same names. Automated systems then fork these repositories thousands of times, amplifying the malicious spread. This campaign targets unsuspecting developers, executing code designed to steal sensitive information such as authentication cookies.

Timeline

  • May 2023: Malicious packages uploaded to PyPI, spread through ‘os.system(“pip install package”)’ calls in forks of popular GitHub repos.
  • July-August 2023: Malicious repos uploaded to GitHub directly, bypassing PyPI after removal of malicious packages.
  • November 2023-Now: Over 100,000 repos detected with similar malicious payloads, continuing to grow.

GitHub’s Response

GitHub employs automated tools to swiftly detect and remove malicious repositories. However, despite these efforts, some repositories evade detection, posing a persistent threat. GitHub encourages community reporting and has implemented default push protection to prevent accidental data leaks.

Implications

The widespread nature of the attack risks secondary social engineering effects, as naive users unknowingly propagate malware. GitHub’s security measures mitigate risks, but the incident underscores vulnerabilities in the software supply chain. Similar campaigns targeting dependencies highlight the fragility of software supply chain security.

How can PureID help?

Pure ID authentication framework provides enterprise users with individual commit-signing keys. All the changes to code repositories can be cryptographically verified at the build time, if it’s coming from a trusted user or not.

Without cryptographic verification its hard to determine if the code is committed from a  trusted/original author and is free from any unauthorised commits or sanctity violation.

Removing passwords from authentication flow further hardens the security of the code repositories.

Conclusion

GitHub’s battle against malicious forks underscores the ongoing challenges in securing the software supply chain. Vigilance, community reporting, and enhanced security measures are essential to effectively mitigate risks in the ever-evolving threat landscape.

See Also:

Securing Cloud Environments: Lessons from the Microsoft Azure Breach

Introduction

In the wake of the recent Microsoft Azure breach, it has become increasingly evident that organizations must prioritise enhancing their security posture to mitigate the risk of similar incidents in the future. This breach, attributed to compromised passwords & MFA manipulation, underscores the critical importance of implementing passwordless authentication solutions to strengthen overall security.

The Breach

The breach unfolded through a series of sophisticated maneuvers executed by cyber criminals to exploit weaknesses in Azure’s security framework. Initially, phishing emails targeted mid and senior-level executives, enticing them into disclosing their login credentials unwittingly. 

Armed with these credentials, attackers gained unauthorised access to Azure accounts, despite the presence of multi-factor authentication (MFA). By circumventing MFA and substituting victims’ MFA settings with their own, attackers maintained undetected access to Azure resources. 

They further obscured their identities using proxies, evading detection while seizing control of sensitive data and cloud resources.

This helps attackers bypass any poorly designed adaptive authentication solution relying on IP based access restriction or re-authentication.

How Microsoft Azure was Breached

The Lessons

  1. Phishing: Implement Phishing-Resistant Authentication Methods
    • Organisations must adopt phishing-resistant authentication methods to combat prevalent phishing attacks. Staff training alone may not suffice, necessitating solutions that minimise the risk of credential theft.
  2. Credential Theft: Go Passwordless
    • Enhanced credential security with multi-factor authentication is insufficient. Robust password management practices and adaptive MFA solutions have been and will continue to be breached unless you eliminate credentials altogether. Passwordless solutions are the optimal choice for enterprises, as they have been for quiet some time now. Both enterprises and individuals must recognise and adopt it as a standard practice.
  3. MFA Replacement: Implement Continuous Monitoring and Anomaly Detection
    • When you’re using credentials, it’s crucial to keep an eye on them. Continuous monitoring and anomaly detection play a vital role here. They help spot any unauthorised changes in MFA settings promptly, preventing any further access.
  4. Masking Location Using Proxies: Strengthen Adaptive Authentication Checks
    • Strengthening adaptive authentication checks is vital to detect suspicious activities like masked locations. Geo-location based authentication or behavioural biometrics can enhance authentication accuracy.
  5. Cloud Account Takeover: Implement Zero Trust Security Architecture
    • Implementing a Zero-trust security model is crucial to verify every access request, regardless of source or location. Granular access controls and continuous monitoring can mitigate the impact of cloud account takeovers.

Moving Forward

In the aftermath of this breach, organizations must prioritise fortifying their security posture to prevent similar incidents. While passwordless authentication solutions offer promising alternatives, organizations should also concentrate on strengthening existing security protocols, conducting regular security audits, and enhancing employee awareness to mitigate future threats effectively.

Conclusion

The breach of Microsoft Azure serves as a stark reminder of the imperative for proactive cybersecurity measures in safeguarding sensitive data and mitigating the risk of unauthorised access. 

By embracing passwordless authentication solutions and implementing a holistic security strategy, organizations can enhance their resilience against evolving cyber threats and safeguard their invaluable assets effectively.

Mother of all breaches: Which you could have avoided !!

Introduction

Don’t use passwords they said. It can be breached they said. Well, surprise, surprise, we didn’t pay much attention. Now, here we are, nervously checking our email IDs against the colossal 26 billion-record breach – the mother of all breaches!

Breach Unveiled: A Symphony of Chaos

So, there’s this massive breach, Mother of All Breaches (MOAB), a digital pandemonium that has exposed a whopping 26 billion records. It’s like a digital opera – records from MySpace to Adobe, starring Tencent, Weibo, Twitter, and LinkedIn. Your data just had its grand debut!

The Dramatic Unfolding

Picture this: MOAB is a blockbuster compilation of data breaches, meticulously curated. It’s like a Hollywood blockbuster, but your credentials are the star, and not in a good way. Your once-secure passwords are now part of a hacker’s treasure trove. Slow clap for the password drama.

Passwords – The Ultimate Blunder

If  Ellen DeGeneres hosted this show, she’d say, “You had one job – say no to passwords!” See the aftermath? Identity theft, phishing attacks, and a surge in password-stuffing shenanigans. All thanks to those outdated, reused, and easy-to-crack passwords.

Passwordless Paradise: Where Dreams Come True

Now, imagine an alternate universe where you actually listened – where passwordless authentication is the superhero. No MOAB nightmares, just smooth, secure logins without the hassle of juggling countless passwords. A utopia, right?

Mitigation Party: Reclaim Your Digital Kingdom

Inspect Your Vulnerability: Employ tools such as “Have I Been Pwned” and data leak checker. data leak checker. Use “Privacy Hawk” to trace your data’s path and request removal from unwanted websites. Move swiftly: Purge your digital footprint by eliminating your data from irrelevant websites.

Conclusion: Lessons Learned (Hopefully)

In an ideal world, you’d have embraced passwordless authentication, and we’d all be sipping digital margaritas by now. But, alas, here we are – dealing with the aftermath. Take this as a digital wake-up call: passwords belong to the past, let’s march into a passwordless future.

A Final Plea: Break Free from Passwords

Passwords are so yesterday!! The revolution is calling – will you answer? Join the passwordless parade; your digital sanity will thank you later. Use PureId, Stay Safe.

MongoDB Security Incident: Navigating the Aftermath

Breach Chronicles: MongoDB’s Unsettling Security Saga Unfolds

On December 13, 2023, MongoDB, a prominent US-based open-source NoSQL database management system provider, faced a substantial security incident. This breach of MongoDB Atlas, a fully-managed cloud database, unfolded as unauthorised access infiltrated corporate systems, laying bare customer account metadata and contact information. The assailants employed a cunning phishing attack, exploiting support service applications. The consequences were dire – a trove of sensitive data, including customer names, phone numbers, and account details, left exposed in the turbulent aftermath of this cyber storm.

MongoDB Steps Explained

Intrusion Footprints: A List of IPs Disclosed

In a proactive move, MongoDB disclosed a comprehensive list of external IP addresses on their alerts page. These IPs were strategically employed by the unauthorised third party. Organisations are strongly advised to meticulously scrutinise their networks, diligently searching for any ominous signs of suspicious activity intricately linked to these disclosed IPs. If you spot these IPs, you’ve got unwelcome guests. Remember it’s time to act, and act fast.

MongoDB Breach

Phishing & Social Engineering – The Achilles’ Heel of Multi-Factor Authentication

MongoDB issues a resolute counsel to its user base, emphasising the critical need to bolster defences against the looming threats of social engineering and phishing. In response, the company advocates the implementation of multi-factor authentication (MFA), urging users to promptly update their MongoDB Atlas passwords as an additional layer of security.

Phishing attacks or social engineering can bypass and disable all types of MFA solutions, as seen time and again. The security incident under discussion started with phishing attacks. So implementing MFA will have zero security advantage but will only increase the cost, efforts and complexity of authentication.

GoPasswordless – The best protection for MongoDB

Going passwordless with PureAUTH will benefit in 2 broad ways to protect MongoDB or any other enterprise applications –

  1. Secure Authentication – PureAUTH offers passwordless authentication which is secure from phishing & social engineering attacks.
  2. Resilience in case of data breach – If data from the database like MongoDB is leaked due to mis-configurations, 0-day vulnerability or insider attacks etc, the adversary will not find any passwords, MFA seeds, swap-able public keys, or any usable data to carry out unauthorised access elsewhere.

Conclusion

Amidst the gloom, MongoDB presents a silver lining: Passwordless Authentication. It’s a call to transcend traditional password reliance for a more secure future. Fortify your defences with passwordless security. MongoDB users, the future beckons. Embrace the resilience of passwordless authentication, reinforce your security posture with PureID, and navigate the cyber security landscape with renewed strength. Passwords? Pfft, that’s so yesterday. The journey continues—Passwordless Authentication awaits.

Unpacking Okta’s Recent Security Breach

Introduction

In today’s interconnected world, data breaches have become unfortunately common. One recent incident that has drawn the cybersecurity community’s attention involves Okta, a prominent identity and access management (IAM) provider. This blog post delves into the specifics of the Okta breach, its impact, and the lessons we can learn.

The Initial Okta Breach

The story starts with a breach of Okta’s case management system, reported in late October. Threat actors gained unauthorised access to sensitive files of 134 Okta customers, less than 1% of the customer base. Some stolen files were HTTP Archive (HAR) files with session tokens, usable in session hijacking attacks.

Targets: BeyondTrust, Cloudflare, and 1Password

BeyondTrust, Cloudflare, and 1Password confirmed their systems were targeted due to this breach. They emphasised no loss of customer data during these incidents, highlighting their robust security measures.

Okta’s Response and Investigation

David Bradbury, Okta’s Chief Security Officer, revealed the breach’s origin. An employee logged into their personal Google account on an Okta-managed laptop, inadvertently saving service account credentials. The hackers exploited this service account, gaining permissions to view and update support cases. The breach occurred from September 28 to October 17, 2023.

Investigation Challenges

Okta’s security team initially focused on unauthorized access to support cases. Identifying suspicious downloads took 14 days. Unique log event types and IDs complicated the detection process.

On October 13, BeyondTrust provided a suspicious IP address, leading to the identification of the compromised account’s activities.

Implications and Ongoing Concerns

The breach raises numerous cybersecurity concerns. Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, highlighted the potential for secondary attacks arising from exposed data. Such incidents erode trust in service providers, especially for security-focused companies like Okta.

John Bambenek, Principal Threat Hunter at Netenrich, pointed out that recurring security events raise questions about Okta’s reliability in sensitive roles like identity and authentication.

Conclusion: The Vital Role of Passwordless Authentication

The Okta breach underscores the importance of robust cybersecurity practices. Organisations must remain vigilant, conducting continuous security assessments and proactively implementing measures against evolving threats.

A single compromised password can jeopardize an entire institution. Therefore, we strongly advocate for passwordless authentication. By eliminating passwords, organizations can fortify their defenses, enhancing security and reducing the risk of future incidents. Passwordless authentication is a safer and more effective approach to protecting digital identities in today’s evolving landscape. #gopasswordless

Breach Report & Breach Support

June, reminds us of 2 things, first how fast another year has passed and second – Verizon Data Breach Investigations Report (DBIR).

Since 2008 Verizon has been releasing Data Breach Investigations Report (DBIR) that has provided the world of Infosec valuable insights and detailed analysis of the evolving threat landscape from various viewpoints (industrial segments, geography specifics etc).

Report Highlights

Stolen credentials remain the biggest concern and the reason for 86% breaches over the web. Reports also states that most targeted assets were the servers rather than individual applications or devices.

From VDBIR 2023

On the Rise

In Summary VDBIR 2023 mentions that 50% of total breaches were due to credential fraud, 10% Phishing & rest due to exploitation of vulnerabilities.

Report also mentions ransomware attacks becoming ubiquitous & 50% increase in Social Engineering attacks. 

From VDBIR 2023

Report also has a monthly summary of incidents from 2022, including the incidents involving leaked passwords from Okta and MFA factors from Twilio.

August Summary from VDBIR 2023

PureID #BreachSupport

As the industry is still closely studying the breach report VDBIR-2023, we are working on our latest initiative – Breach Support, through which we intend to help businesses quickly recover from the incidents by removing passwords and adopting Zero Trust Access control with zero impact on business. More details on Breach Support will be shared soon, stay tuned.

Please Note – All the above images are taken as -is from VDBIR 2023, & the last one from PureID Team