Dell resets customer passwords after security incident
Dell confirmed in a press release published on November 28, 2018 that it detected and blocked unauthorized activity on its company network.
According to the press release, hackers were after Dell customer information. Access was limited to customer names, email addresses and hashed passwords, and did not include other data such as credit card information or addresses were not targeted according to Dell's investigation.
Dell's investigation of the incident "found no conclusive evidence" that any data was extracted; Dell admits that data could have been extracted despite that.
Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted.
The company made the decision to reset Dell.com customer passwords as a countermeasure to protect customer accounts.
Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure. These include the hashing of our customers’ passwords and a mandatory Dell.com password reset.
Dell initiated an investigation and implemented countermeasures when it detected the attempted extraction of customer data. The company engaged law enforcement and "retained a digital forensics firm to conduct an independent investigation".
Dell published a customer update on the company website that offers additional information. Dell became aware of the incident happened on November 9, 2018.
The page offers password changing tips. Dell suggests that users use a password that has at least 8 characters that are a mix of uppercase, lowercase, and numbers. Customers should not use words that can be associated with them next to that.
Dell furthermore asks customers to change passwords on other sites as well if the same password is used on these sites.
While Dell reset the customer password to invalidate it, if hackers managed to obtain data, they could theoretically try email and password combinations on other popular sites. Many computer users re-use passwords on sites instead of using unique passwords.
I got this email the other day and thought I would just close out my Dell user account. Turns out Dell really doesn’t have a option to do so in account settings. You can’t delete it, and when I asked CS at Dell they couldn’t do it either. At least I give Dell a plus for taking action better than many who have waited months to disclose a breach. But still would be nice to just have a option to delete the account altogether to be safe.
I just logged into my Dell.com account, using the password I’ve had for many years (yeah, I know).
There was no mention of this breach and no requirement to change passwords. Their announcement doesn’t seem to indicate that only some customers are affected so I have no idea why I was able to log in as normal.