    Dell Resets User Passwords After Website Attack

    By Sean Michael Kerner - November 29, 2018

      Dell announced late on Nov. 28 that its Dell.com customer-facing website was the victim of a cyber-attack.

      The attack was apparently discovered by Dell on Nov. 9, with attackers taking aim at usernames, email addresses and passwords that had been cryptographically hashed. According to Dell, it has no evidence that customer information was actually removed from the site.

      “Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement,” Dell stated in a media advisory on the cyber-security incident.

      Dell emphasized in its advisory that it has risk mitigation measures in place to deal with cyber-security incidents. The company noted that credit card information was not targeted and there was no direct impact on Dell’s products or services.

      Password hashing, which is what Dell has in place for customers on Dell.com, is a cryptographic approach to scrambling and protecting passwords, so that an attacker who obtains a password hash still cannot easily use it. Going a step further, Dell announced that it has initiated a mandatory password reset for all of its Dell.com users to further mitigate any potential risk.

      “Hashed passwords, along with the password reset, limit exposure of customers’ account information,” Dell wrote in a customer update note on the cyber-security incident. “Customers are encouraged to change passwords for other accounts if they use the same password for their Dell.com account.”

      Dell has not yet publicly stated if it has determined the root cause of the attack or where it came from. That said, Dell stated it has engaged with law enforcement as well as a digital forensics firm to conduct additional investigation and analysis.

      “We are disclosing this incident now based on findings communicated to us by our independent digital forensics firm about the attempted extraction,” Dell stated.

      Industry Reaction

      Industry reaction to the Dell website hack disclosure has been somewhat mixed, though experts contacted by eWEEK were largely positive about how Dell has handled the situation.

      “Dell has responded to the incident very well overall,” Joe Perry, director of research at Cybrary, told eWEEK. “They took immediate steps to correct the problem, performed the kind of analysis necessary to identify whether the breach caused actual data loss, then released a statement with the information they have.”

      Perry added that Dell probably could have made the disclosure earlier, but two weeks isn’t a terrible timeline in view of the fact that the company took immediate action.

      Brian Contos, chief information security officer and vice president of Technology Innovation at Verodin, was somewhat less positive about the Dell cyber-security incident. According to Contos, the incident is yet another example of a company that has the talent and technology to do things right but still suffers from a breach.

      “There is a gap in almost every organization—midsized, F500s, G2000s and government agencies—between how we think our security tools are working and how our security tools are actually working,” he told eWEEK. “As such, we can have all the right tech with all the best people and still suffer a breach.”

      For enterprises, Contos said, a shift in mindset is needed to make breaches less common. In his view, the focus should be on validating the effectiveness of actual security tools—what’s working, what’s not, and how to fix it—instead of relying on assumption-based security and hoping that security tools are actually providing value.

      For end users, Perry said password reuse is a primary concern.

      “You know that password you keep reusing? Stop it. But since you’re not going to stop reusing your password, at least change it on all of your other sites,” Perry said. “Password reuse is one of the main value-adds of breaches like this, and supposedly secure sites like Dell see more reuse than sites like Facebook or Twitter, which have histories of password disclosure.” 

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
