US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9.
Dell says it detected an unauthorized intruder (or intruders) “attempting to extract Dell.com customer information” from its systems, such as customer names, email addresses, and hashed passwords. The company didn’t go into details about the complexity of the password hashing algorithm, but some of these –such as MD5– can be broken within seconds to reveal the plaintext password.
“Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted,” Dell said today in a press release.
In a statement sent to ZDNet, Dell said it’s still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. A Dell spokesperson declined to give out a number of affected accounts, saying “it would be imprudent to publish potential numbers when there may be none.”
The company also said hackers didn’t target payment card or any other sensitive customer information, and that the incident didn’t cause a disruption of its normal services at the time of the breach or after.
Dell initiated a password reset for all Dell.com customer accounts after it detected the intrusion earlier this month.
The company said it notified law enforcement, and also hired a digital forensics firm to perform an independent investigation.
Based on currently revealed details, Dell appears to have exposed very little information associated with its official website, where most users come to shop official products or have discussions on its official support forums.
While Dell has downplayed the incident’s impact, it is worth mentioning that many breached companies amend these initial revelations as their investigations advance.
Besides resetting passwords, Dell.com users should manually review what information they’ve stored in their respective accounts. In case they’ve saved financial information, they should keep an eye on card statements, to be on the safe side.
Article updated two hours after initial publication with additional comments from Dell.
More data breach coverage: