D-Link confirms data breach after employees hit with phishing attack

Network equipment manufacturer D-Link has confirmed that there has been a breach in which internal data was stolen, but claims that the data is actually not that useful to malicious actors.

The company said two employees fell victim to a phishing attack that gave the attacker access to the company’s endpoints.

To resolve the issue, D-Link shut down the hacked servers and disabled the affected accounts.

Test environment

Earlier this month, a threat actor posted a new thread on a dark web forum, claiming to have stolen product source code and identity information about customers, employees, and even the CEO.

“I hacked D-Link’s internal network in Taiwan, extracted 3 million lines of customer information and D-View’s source code from the system,” the attacker said. “This includes the information of MANY government officials in Taiwan, as well as the company’s CEOs and employees.”

Apparently, the data stolen includes people’s names, email addresses, addresses, phone numbers, account registration dates, and users’ last login dates. The attacker is asking for $500 for the database and has offered a handful of samples.

However, the samples appear to be from ten years ago, something other forum members were quick to point out.

As D-Link further explained, the attacker stole the data from a “test lab environment,” an outdated server that reached end of life in 2015. The company also said the attacker stole about 700 records, not millions, as the attacker claims.

“However, based on the research, it only contained approximately 700 outdated and fragmented documents that had been dormant for at least seven years,” D-Link said. “These registrations come from a product registration system that reached the end of its life in 2015. Moreover, the majority of the data consisted of low-sensitive and semi-public information.”

The company hinted that the threat actor is trying to trick people into thinking they have a more relevant database in their hands, and concluded that current customers should not be affected by the incident.

Via BleepingComputer
