An employee who fell victim to phishing caused the breach at D-Link

October 20, 2023

D-Link has confirmed a data breach that resulted from an employee falling victim to a phishing attack.

The breach resulted in D-Link losing some data, which the attackers subsequently offered for sale on BreachForums earlier this month. The attackers claimed they had acquired the source code for D-Link’s D-View network management software and troves of personal information about customers and employees, including details about the company’s CEO.

The confirmed stolen data allegedly includes names, email addresses, physical addresses, phone numbers, account registration dates, and the last sign-in dates of users. The threat actor shared samples of 45 stolen records, all timestamped between 2012 and 2013, to prove the legitimacy of their claims.

In addition, the attacker said it had breached D-Link’s internal network in Taiwan and extracted 3 million lines of customer information and the D-View source code from the system. The actors also explained that the initial stolen info does not yet include the information of government officials in Taiwan, as well as the CEOs and employees of the company.

The stolen data has been available for purchase on the hacking forum since October 1st, with the threat actor seeking $500 for the stolen customer information and the alleged D-View source code.

 


D-Link clarified that the security breach resulted from an employee falling for a phishing attack, which gave the attacker access to the company’s network. In response to the breach, the company immediately shut down servers to isolate the incident and prevent the attack from spreading.

Although D-Link admitted the breach, it specified that the attackers gained access to a product registration system within what it described as a “test lab environment.” This system was running on an outdated D-View 6 system that reached the end of its life in 2015.

However, D-Link revealed that the compromised system held approximately 700 outdated and fragmented records that had been inactive for at least seven years, contrary to the attacker’s assertion of having stolen data on millions of users.

D-Link also suspects that the threat actor manipulated recent login timestamps to create the appearance of a more recent data theft. The company gave assurances that most customers will not be affected by the hack.

Still, everyone affected by this incident should remain vigilant, as other threat actors could have purchased the leaked data to run further malicious campaigns, such as phishing and fraud.
