On Wednesday, Dell announced that it had discovered a security breach on November 9th. This breach tried to extract Dell’s customer information including names, email addresses, and hashed passwords.
The company said, “Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted. Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure.”
According to Dell’s press release, “Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement.”
The company also did not go into detail about the hashing algorithms it uses. However, algorithms such as MD5 can be cracked within seconds to reveal the plaintext password. “Credit card and other sensitive customer information were not targeted. The incident did not impact any Dell products or services”, the company said.
According to a customer review on Hacker News thread, “Dell ‘hashes’ all Dell.com customer account passwords prior to storing them in our database using a hashing algorithm that has been tested and validated by an expert third-party firm. This security measure limits the risk of customers’ passwords being revealed if a hashed version of their password were to ever be taken.”
According to ZDNet, “Dell said it’s still investigating the incident, but said the breach wasn’t extensive, with the company’s engineers detecting the intrusion on the same day it happened. A Dell spokesperson declined to give out a number of affected accounts, saying “it would be imprudent to publish potential numbers when there may be none.”
While resetting passwords is a safer option, the users should also keep a check on their card statements if they have saved some financial or legal information in their accounts.