Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label D-Link Data Breach. Show all posts

D-Link Confirms Data Breach, After Employees Suffer Phishing Attack


Taiwan-based networking equipment manufacturer, D-Link recently revealed to have suffered a data breach in which it lost information linked to its network. The data was then put up for sale on illicit sites, one being BreachForums.

Reportedly, the hackers claim to have stolen the company’s source code for D-View network management software. The company has also compromised millions of personal data entries of its customers and employees, along with that of its CEO. 

The compromised data includes the victim’s names, addresses, emails, phone numbers, account registration dates, and the users' last sign-in dates.

A thread participant noted that the data appeared to be very old after releasing samples of 45 stolen records with timestamps between 2012 and 2013.

The attacker stated, "I have breached the internal network of D-Link in Taiwan, I have 3 million lines of customer information, as well as source code to D-View extracted from system[…]This does include the information of MANY government officials in Taiwan, as well as the CEOs and employees of the company."

The stolen data has been available on the illicit forums since October 1st, with the hackers demanding a ransom of $500 for the stolen client data and purported D-View source code.

Data Stolen From a “Test Lab” System

According to D-Link, the security lapse happened as a result of a worker falling for a phishing scam, which gave the attacker access to the company's network.

After realizing what had transpired, the company quickly shut down possibly impacted systems in reaction to the hack, and all user accounts used for the investigation — except two — were disabled. 

D-Link further noted that the hackers have also gained access to one of its product registration systems when it was running on an old D-View 6 system, which reached its end of life in 2015, in what D-Link described as a "test lab environment,"

However, D-Link did not make it clear as to why the end-of-life server was still running on the company’s network and was subsequently exposed to the Internet for the past seven years.

D-Link confirmed that the compromised system only had about 700 records, with information on accounts that had been open for at least seven years, in contrast to the attacker's assertion that millions of users' data had been stolen. 

"Based on the investigations, however, it only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years," D-Link stated. "These records originated from a product registration system that reached its end of life in 2015. Furthermore, the majority of the data consisted of low-sensitivity and semi-public information."

D-Link believes the threat actor intentionally altered the timestamps of recent logins in order to give the impression that more recent data theft occurred. The majority of the business's current clients aren't anticipated to be affected by this issue, the company added.