[ad_1]
Dell chooses to call it a "potential security event," but at the same time confirms that it has detected unauthorized activity on the company's internal data network.
This includes attempts to retrieve personal data from customers who purchased from the Dell.com website, which will have been discovered on November 9 and stopped on the same day.
The server and PC manufacturer indicates that potential leaks are limited to names, email addresses, and hash passwords.
"Although some of this information may be removed from the network, our own investigations have not found conclusive evidence of this," he said in a statement released yesterday.
They do not understand why the algorithm passwords are protected. They do not mention salting either. It is well known that obsolete hash algorithms such as MD5 or SHA-1 may be damaged.
Reset password
Credit cards and other sensitive customer information are not affected. The unwanted activity also did not affect any product or service, says Dell.
In an effort to dramatize the incident, Dell points out that it has security measures in place to mitigate the effects of a potential leak, including hash and mandatory reset of the client's password.
Ensuring that your passwords are reset so that customers need to create new ones at the next login is a common practice after a data break.
The case is still under investigation. Dell reportedly also reported the incident, according to Zdnet. In the process, the company has also hired an external security firm that will conduct an independent review.
[ad_2]
Source link
