this post was submitted on 09 May 2024
466 points (99.2% liked)

Technology

55715 readers
5628 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
466
Dell warns of data breach, 49 million customers allegedly affected (www.bleepingcomputer.com)
submitted 1 month ago by Wilshire@lemmy.world to c/technology@lemmy.world
71 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] tal@lemmy.today 8 points 1 month ago (5 children)

The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn't, but doesn't seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don't see a whole lot of potential room for abuse.

[–] coolmojo@lemmy.world 34 points 1 month ago (1 children)

I do see potential room for abuse. Let say someone has the list and contact the members of the list saying that they are from Dell and it is about the computer they purchased. They have all details, spec, address, etc so it believable. Then they tell them to buy some “antivirus” or install some “hot fix” etc. Scammers are already doing this, but it is less convincing.

[–] BugKilla@lemmy.world 6 points 1 month ago* (last edited 1 month ago)

Exactly, a lot data exfil'd is used to enrich other sources. All data loss should be treated as a catastrophic failure of security controls. Corporate victims should pay for their customers potential loss of identity and privacy as a preemptive action, even if the data in of itself may be considered low risk. If compliance with this is difficult then executives should be forced under law to post all of their personal info into Wikipedia with audio samples of their voice, full genome mapping and mugshots. Fuck these companies and their profits over people attitude.

[–] xep@kbin.social 15 points 1 month ago (1 children)

Now my friends know I bought an Alienware device. I'm never going to live this down.

[–] pdxfed@lemmy.world 3 points 1 month ago

A gamer cannot sink lower. Build your own if you care!

[–] shininghero@kbin.social 8 points 1 month ago

It's only minor if the data points in this breach are used by themselves.
Once you aggregate this with other data breaches, you could end up with a much bigger capability to target anyone in this breach.

[–] slurpinderpin@lemmy.world 7 points 1 month ago

Don’t care, punish them all the same.

[–] homesweethomeMrL@lemmy.world 5 points 1 month ago

afaict only if a specific hardware vulnerability was found and they cross-linked it with an online account or other network info to try and exploit it.

Or, I guess you could just assume Windows and go with one of the many zero-days that happen there. The trick is still crosslinking them tho. Presumably google has the wifi info.