Hackers have allegedly carried out a second Dell data breach within a week, compromising sensitive internal files via Atlassian tools. Allegedly, data from Jira, Jenkins, and Confluence has been exposed. Dell is currently investigating the initial breach.
On 19 September 2024, Hackread.com published a report claiming a Dell data breach involving sensitive information on 10,863 employees. Hot on the heels of that incident, the same hacker responsible for the first breach now alleges that Dell has been breached again.
The hacker, using the alias “grep” on the notorious Breach Forums platform, made these claims on 22 September. In the post, grep revealed that Dell experienced another breach, this time in collaboration with a hacker known as Chucky. Together, they claimed to have accessed Dell’s internal systems and leaked confidential data.
According to grep, the breach includes Jira files, database tables, and schema migrations, amounting to 3.5 GB of uncompressed data. They claim to have accessed Dell’s Atlassian software suite, including Jenkins and Confluence, which are key tools for software development and collaboration.
The hacker’s message on the forum read as follows:
“Compromised data: Jira files, DB tables, schema migration, etc., totaling 3.5GB uncompressed. This time, it was breached by Chucky. Before Dell says anything, we both compromised your Atlassian and accessed Jenkins, Confluence, etc. GDPR said time is ticking, by the way, xD.”
An Investigation Underway
In response to the first alleged breach, Dell said it was aware of the incident and had launched an investigation. As of today, the company has not addressed the latest claims.
Hackread.com researchers have reviewed some of the leaked files and believe they may contain sensitive information related to Dell’s internal infrastructure, including system configurations, user credentials, security vulnerabilities, and development processes. If confirmed, this data could be used to target Dell’s systems on a larger scale.
Further analysis suggests the files belong to various enterprise tools and environments at Dell, including Jira, database tables, schemas, and Atlassian products like Jenkins and Confluence. Specific details of the compromised files have been withheld for security reasons.
A Painful Blow
Anne Cutler, cybersecurity expert at Keeper Security, said that two reports of data breaches within a week, impacting 10,000 Dell Technologies employees, is a painful blow to the business that is still dealing with the fallout of an incident that affected 49 million customers earlier this year.
The alleged threat actor grep has indicated on the dark web that the most recent round of stolen data includes employee information such as names, unique identifiers, employment status, and internal identification, as well as internal files, tables, and plans, Cutler says. “This follows a confirmed breach in May 2024 that exposed customer names, physical addresses, Dell hardware and order information.”
According to her, the disclosure of this information is a clear violation of both customer and employee privacy and trust. “These breaches underscore the persistent and evolving threats to digital security and why everyone must take concrete, proactive steps to safeguard their own sensitive information. “
Cutler advises affected employees and customers to take several steps to protect their identity:
- Change the password and passcode for any Dell-related accounts immediately. A password manager can generate strong and unique passwords for every account.
- Enable Multi-Factor Authentication (MFA) to add an extra layer of security that makes it more difficult for cybercriminals to access your accounts.
- Watch for signs of phishing attempts, including unsolicited texts and emails, suspicious files or links, and urgent language.
- Sign up for a dark web monitoring service like BreachWatch® so you can be notified immediately if your information has been compromised.
She says this spate of breaches is a wake-up call for all entities to reevaluate their cybersecurity posture and consider proactive measures over-reactive responses. “As cyber threats evolve, organizations must prioritize protecting both customer and employee data. Cybersecurity technologies protecting these environments must cover every user, on every device, from every location.”
Privileged Access Management
As the human element is the more difficult to protect and, often, the most error-prone element of the attack chain, therefore, organizations should focus on implementing zero-trust security architecture and a policy of least access to prevent unauthorized privilege escalation and ensure strict enforcement of user access roles. A Privileged Access Management (PAM) platform is essential for managing and securing privileged credentials, ensuring least privilege access, and preventing lateral movement in the event of a breach.
“Robust threat intelligence, continuous monitoring, and rapid incident response are also critical. Companies should have security event monitoring to detect and analyze privilege escalations, enabling the detection and blocking of anomalous behavior.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.