Hacker ‘Grep’ Claims Theft of 3.5GB of Data, Including Dell Technologies Employee Information

Dell Technologies appears to have suffered two recent data breaches, with more than 3.5GB of data reportedly compromised, including information on at least 10,000 employees.

A hacker using the nickname “grep” recently claimed the first leak, posting samples of the stolen dataset for free on BreachForums and offering the entire dataset in exchange for 1 BreachForums credit (about $0.30).

“In September 2024, Dell experienced a small data breach that exposed internal employee data. Over 18,000 employees belonging to Dell and its partners were affected,” Grep said in a Sept. 19 post. The dataset contained sensitive information such as employee IDs, employee full names, employee status, and employee internal IDs, Grep added.

Two attacks in a week

A few days later, Grep posted about a second “significant” breach, in which he stole 3.5GB of data from Dell. He claimed this attack was carried out in collaboration with fellow hacker “Chucky,” and described the previous attack as “small.”

“Over 10,000 employee records were exposed, including names, employee IDs, and internal identifiers. This incident highlights how even well-established technology companies can be vulnerable,” said Stephen Koski, chief technology officer at security firm SlashNext. “While Dell has not yet confirmed the breach, the information could be leveraged for targeted phishing or social engineering attacks, given recent cybercriminal tactics,” he warned.

Dell acknowledged the first incident through media channels, saying that “our security team is actively investigating the situation.” However, it has not made an official statement about the second incident. In response, Grep said in a second post on September 22, “GDPR says time is running out.”

Grep said he was able to access Dell’s internal files because of a security vulnerability in Atlassian tools. According to the second post, the stolen data included “3.5GB of uncompressed data including JIRA files, DB tables, schema migrations, etc.” Grep also said that “this time Chucky struck first and before Dell could make any claims, we accessed Jenkins, Confluence, etc. via Atlassian.”

He added that the hacking details revealed this time could expedite the investigation.

“Grep” on the rise

Hacker “Grep” has been implicated in several cyberattacks over the past two years, most of which are linked to the activities of Anonymous, a decentralized group that hacks governments and corporations. The nickname “Grep” comes from a Unix command that searches files or text streams for specific patterns.

While their exact origins are difficult to trace, Grep’s activities first gained attention in early 2022 for hacktivism during the Russia-Ukraine conflict. The most recent breach was the CapGemini data breach on September 9, which resulted in the loss of 20GB of source code, credentials, personal and API keys, and employee data.

Dell already suffered a massive cyberattack in May that compromised the data of 49 million customers. It remains to be seen how the company will respond to this incident. Email inquiries sent to Dell were not answered by the time this article was written.
Source: www.itworld.co.kr