Dell informed that it detected and stopped unauthorized activity on its network which attempted to extract data from customers including names, email addresses and hashed passwords. This has resulted in Dell proceeding with rolling mandatory password changing for every single one of its user passwords on its store.
However the forced password reset action was taken almost a week after the hack attempt was first unearthed. This implies that the customers were potentially left vulnerable to the risk posed to their personal data for five days from 9th November to 14th November.
Dell confidently says that no credit card or other sensitive information was extracted from the network, nor did it impact any of its products or services.
In a customer update, the company confirmed about the Potential Cybersecurity Incident and its network had been subject to “unauthorized activity” on November 9 in which attackers tried to gain access to customer information. Dell says that data was limited to names, email addresses and hashed passwords, adding there is “no conclusive evidence” that data was extracted. The forced password reset is described as a measure to “limit the impact of any potential exposure”.