Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
  • @slurpinderpin@lemmy.worldEnglish
    1582 months ago

    These companies should be forced to pay big money to each and every person affected by these breaches. Not like $120. Like $10,000 per. Teach them real lessons

      • Sabata11792
        492 months ago

        They just pay up and do it again. It’s a business expense, not a punishment.

      • BlueÆtherEnglish
        112 months ago

        and then, us as the consumer will pay for the fine as well

    • @Grandwolf319@sh.itjust.worksEnglish
      222 months ago

      Even $120 would be amazing. I just got an email that said too bad. I just bought a monitor cause that’s where they sold it. Idk why they have to save my info. I just want to pay for the product. If it was up to me, they would delete all my info immediately. They only need to record when the serial number was sold anyway.

      Oh if only I was European.

    • @kibiz0r@midwest.socialEnglish
      52 months ago

      Instantly makes ransomware [edit 2: my brain was being dumb, I didn’t mean literally ransomware, I meant hackers blackmailing companies with the threat of releasing/selling stolen data] far more profitable.

      Edit: And heavily discourages self-reporting. There’s a Schneier quote I like: “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.”

        • @kibiz0r@midwest.socialEnglish
          22 months ago

          Absolutely. But the penalty does modify the cost-benefit analysis. If a hacker demands $5m or else they will release stolen data, you might be more inclined to YOLO the 5 mil on the 1% chance they’re an honest hacker if the penalty for the breach is $50bn.

    • @Artyom@lemm.eeEnglish
      42 months ago

      In the case of this breach, I’d be happy with a $10 payout, the consequences for me are actually pretty low here. That being said, I think we’d be lucky if Dell had to pay more than $0.50 per person, and that money will probably go to a lawyer’s fees, not me.

    • xep
      292 months ago

      I know you’re being flippant, but it’s worth noting that there is a considerable difference between a company getting hacked like this and an app with unfettered access to the cluster to sensors that we’ve got in our pockets.

    • @Cavemanfreak@lemm.eeEnglish
      112 months ago

      The thing with tik tok isn’t only with the data China can gather from US residents. It’s also how they can use that information to influence the populace and send them propaganda, for example influencing the election results.

    • @kibiz0r@midwest.socialEnglish
      92 months ago

      The ban is a dumb policy, but you’re daft if you think the security implications are at all similar.

      TikTok was caught injecting a keylogger into their in-app browser and their response was “Well yeah, but we promise we’re not using it.”

      • @DriftinGrifterEnglish
        22 months ago

        doesent literraly every website with autocomplete search queries do this?

        • @kibiz0r@midwest.socialEnglish
          62 months ago

          No. This is analogous to cross-frame scripting.

          So imagine you go to tiktok.com and you click on a link to bestbuy.com/cool-product-i-want-to-buy. But instead of taking you directly to bestbuy.com/cool-product-i-want-to-buy, it keeps you on tiktok.com and just opens an iframe with a keylogger injected into it.

          So then when you enter credit card info into the bestbuy.com UI, the tiktok.com JS can see what you typed.

          (This scenario is largely impossible these days, due to modern browser security.)

          The difference is that if you witnessed this kind of XFS in your desktop browser, you might notice it because the location bar still says tiktok.com, because you never actually left the site. But in a mobile in-app browser, you don’t need an iframe. You can inject JS directly into the browser itself, making it invisible to the user. As far as you can tell, you’re on regular ol’ bestbuy.com, not a modified version of it.

            • @kibiz0r@midwest.socialEnglish
              42 months ago

              lmao, you asked.

              I’m not a security expert, but my tech career has involved a lot of automated testing in weird scenarios, including iframe-based Facebook games and browser-based mobile apps. Automated tests face a lot of the same challenges that a malicious third-party would, so I know a little bit about how to get past them – or rather, how to deliberately create vulnerabilities (in the dev build of your system) so that your tests can get past them.

              Edit: I am curious why someone downvoted me on that one though. I can understand how my comment about the ban being dumb but TikTok also shipping a keylogger could anger people on one side or the other. But just explaining how in-app browsers revive a security problem that’s been long-solved in standalone browsers?

  • @leds@feddit.dkEnglish
    352 months ago

    Got this:

    Hello, Dell Technologies takes the privacy and confidentiality of your information seriously. We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved.

    What data was accessed? At this time, our investigation indicates limited types of customer information was accessed, including:

    • Name
    • Physical address
    • Dell hardware and order information, including service tag, item description, date of order and related warranty information
    • @Snapz@lemmy.worldEnglish
      112 months ago

      Hello, Dell Technologies takes the privacy and confidentiality of your information seriously. We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved. Sending you this single message satisfies our legal disclosure requirement. Beyond that, we have no actual intention of fixing this, providing you with a meaningful compensation for the breech or really doing anything different at all truthfully. Fuck you.

    • @fossphi@lemm.eeEnglish
      92 months ago

      So people know how expensive a computer is at the address. What could go wrong

      • @IHawkMike@lemmy.worldEnglish
        142 months ago

        Right, because international hackers are going to mobilize boots on the ground across the world to steal your fucking Optiplex.

        • @sugar_in_your_tea@sh.itjust.worksEnglish
          52 months ago

          I think it’s more likely that an attacker would make a fake collections call if you bought something really expensive, especially if they can prove you bought on credit or something. A little ChatGPT and you’d have a targeted script to use.

  • FenrirIIIEnglish
    222 months ago

    Expect a ton of Indian people calling pretending to be Dell Support.

  • Joanie ParkerEnglish
    112 months ago

    They emailed me earlier about it… Good thing I’ve only ever bought a monitor from them.