D-Link Confirms Data Breach Following Employee Phishing Attack

Taiwanese networking equipment giant D-Link recently confirmed a significant data breach. The breach involves information illicitly extracted from its network, which was subsequently listed for sale on the notorious BreachForums.

The Breach Details

The malefactor behind this attack alleges possession of the source code for D-Link’s D-View network management software. Additionally, they claim to have millions of entries containing personal data of both customers and employees. This data encompasses details as sensitive as those pertaining to the company’s CEO. The stolen data set reportedly includes names, emails, addresses, phone numbers, account registration dates, and even the users’ last sign-in dates.

A sample of 45 records, with timestamps ranging from 2012 to 2013, was provided by the threat actor. This led to speculation regarding the age and relevance of the data. The attacker stated, “I have breached the internal network of D-Link in Taiwan, I have 3 million lines of customer information, as well as source code to D-View extracted from the system.” They further emphasized the inclusion of data related to numerous government officials in Taiwan and D-Link’s top-tier employees.

Since October 1st, this data has been up for grabs on the hacking forum. The asking price? A mere $500 for the purportedly stolen customer data and the alleged D-View source code.

D-Link’s Response

D-Link attributed the security lapse to an employee who fell prey to a phishing scheme, which subsequently provided the attacker with access to the company’s network. In a swift response, D-Link deactivated potentially affected servers and limited user account access to facilitate the ongoing investigation.

However, D-Link’s version contrasts with the attacker’s narrative. The company clarified that the compromised system was a “test lab environment” that operated on an obsolete D-View 6 system, which was discontinued in 2015. The lingering question remains: Why was an outdated server, potentially vulnerable to external threats, still active on D-Link’s network for such an extended period?

Contrary to the attacker’s claims of pilfering the data of millions of users, D-Link’s statement said the compromised system held approximately 700 records. These records, the company emphasized, were outdated and had been dormant for at least seven years. D-Link also raised suspicions that the attacker may have manipulated recent login timestamps to give the impression of a more recent data theft.

In Conclusion

While D-Link assures that the majority of its current clientele is unlikely to be affected by this incident, the event underscores the ever-present threats in the realm of data security. Companies, irrespective of their stature, must remain vigilant and proactive in safeguarding their digital assets.
