Dell resets customer passwords following cyberattack on its website
Dell has announced that it has instigated a mandatory password reset for customers after it suffered a cyberattack earlier in the month.
In a statement, the company confirmed that its network had been subject to "unauthorized activity" on November 9 in which attackers tried to gain access to customer information. Dell says that data was limited to names, email addresses and hashed passwords, adding there is "no conclusive evidence" that data was extracted. The forced password reset is described as a measure to "limit the impact of any potential exposure".
Dell is giving very little away about the nature of the attack and has also given no indication of who may have been behind it. The company is really just at pains to stress that no sensitive data was leaked and that it has the situation under control.
In a statement about the incident, Dell says:
On November 9, 2018, Dell detected and disrupted unauthorized activity on our network that attempted to extract Dell.com customer information, limited to names, email addresses and hashed passwords. Upon detection, we immediately implemented countermeasures and began an investigation. We also retained a digital forensics firm to conduct an independent investigation and engaged law enforcement.
Through that investigation, we found no conclusive evidence that any customer information was taken. Furthermore, there is no indication that any credit card or other sensitive customer information was targeted. We have cybersecurity measures in place that limit the impact of any potential exposure, including the hashing of customers' passwords. Out of an abundance of caution, we proactively reset Dell.com customers' passwords to further protect customers and their accounts. No Dell products or services were affected.