this post was submitted on 14 May 2024
38 points (97.5% liked)

Cybersecurity

5965 readers
125 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
kid
[email protected]
38
Dell API abused to steal 49 million customer records in data breach | Cybersafe News Dell API abused to steal 49 million customer records in data breach (cybersafe.news)
submitted 8 months ago by [email protected] to c/cybersecurity
3 comments fedilink hide all child comments
top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 8 months ago (1 children)

So, they stole barely anything better than public information. I guess if you really wanted to, you could use the info to target a specific person with a known zero-day, since you know what hardware they potentially have, but not really something the average person should be worried about.

It's interesting that it was so easy to do, though, and I hope Dell audits any other APIs they provide.

[–] sugar_in_your_tea 3 points 8 months ago (1 children)

My takeaway is targeted scam calls. You take the name and address, look up their phone number, and now you have very specific information to craft a credible scam warranty call or something with.

[–] [email protected] 3 points 8 months ago

"We're calling about your monitor's extended warranty..."