D-Link Confirms Data Breach but Denies Claims of 3 Million Stolen Data
D-Link, the Taiwan-based networking equipment manufacturer, confirmed the data breach incident related to the publication and sale of its internal data on BreachForums earlier this month.
The incident came to light on October 1, when a member of the dark web forum claimed to have breached the company’s network to steal millions of users’ data and source code for the D-View network monitoring product.
The hacker claimed to have 1.2 Gb of employee and customer personal data, including names, email, addresses, company, phone numbers, registration date, and date of last login. The claims also included information on Taiwanese government officials and CEOs. All this data was on sale for $500.
Following the claims, D-Link in partnership with Trend Micro launched an investigation and identified many discrepancies in the claim. ‘’The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015[..] So far, no evidence suggests the archaic data contained any user IDs or financial information,’’ revealed D-Link.
According to the company, the hacker’s claims were exaggerated and misleading, as its investigation showed that only 700 user records were compromised and none were of active users. Moreover, it is believed that the hacker manipulated the login timestamps of stolen data to make it look like a recent theft.
The breach is said to have occurred because an employee unintentionally fell prey to a phishing attack, thereby granting access to the outdated data.
In response to this attack, the company immediately implemented several remediation measures to prevent the occurrence of similar incidents in the future. It also revealed that the hacked product was an older version of the current D-View 8 offering, and active customers were unlikely to be affected by this incident.
Nevertheless, D-Link advised its users to change passwords and remain cautious about suspicious calls, messages, and emails.
Leave a Comment
Cancel