“A number of Dell customers claim to have been contacted by scammers who had access to specific customer information that should have only been available to Dell. The company says it hasn’t been hacked but won’t offer an explanation for the seemingly stolen data.”
Well, that doesn’t sound good. Read Bill Snyder’s report on CIO. It sounds like Dell may have an insider problem if they weren’t hacked. In any event, if the service tags info are in the hands of scammers, they didn’t get there magically. Dell needs to figure this out.
HA! This is what they get for trusting low income overseas help desk people.
It depends how the service tags are queried from the inside. If they ALL have access to a read-only database, its a huge fail. If it is access a website that you have to enter a tag and then be prompted for data, then it can be tracked by individual IP or user name.
Sure it doesn’t bring good thoughts, especially to Dell’s security posture if they do not fess up. There are a few things that could be wrong here. One is that some sort of program or service leaks this information. Another is a third party was breached who offers at home assistance. Another is that malware, virus or trojan horse simply collected that data.
Dell recently had issues with a Cert or two, and some one could have been smart enough to harvest data prior to it all being fixed.
To me, it’s simple. If I get a call from a 3rd party about my computer system, I laugh at them until they hang up. IF there is a minute chance it’s legit, I’d call back Dell at the number provided on their website, and ask pointed questions about what they are trying to achieve, if it was a legit call. Any computer I buy, I format the drives and rebuild from scratch. That way there is no bloatware, potentially no factory injected malware or trojans and probably no bad Certs or services as well.
The story reads as if ONE person wrote that columnist and he writes up a hack story. Unless there are TONS of people complaining the exact same way, like a credit card issue or proprietary service that people buy and has been compromised, a single entity being contacted means squat. He probably has a rootkit, virus, malware, bad Dell cert(s) or other issue that leads crooks to share the info.
Unless other users fess up and quickly, this one will get swept under the rug and lost in the technology rat race.