all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

The Dell API Breach: It could have been prevented

Add to bookmarks
May 17, 2024, 5:26 p.m. | Hadar Freehling

Security Boulevard securityboulevard.com

As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell.


How did they do it?  Here is the attack flow.


The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, …

api attack attacker breach business customer dell flaw flow hacker in the news logic may novel records scrape

Visit resource

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance 15 hours ago | securityboulevard.com
access authors channel conference +20
What is an IS (RBI) Audit? 22 hours ago | securityboulevard.com
address audit banking banks +27
Understanding Credential Phishing 1 day, 6 hours ago | securityboulevard.com
attackers breach breaches ceo +23
Adaptive DDoS Defense’s Value in the Security Ecosystem 1 day, 7 hours ago | securityboulevard.com
adaptive ddos analytics & intelligence and response attack +24
Understanding Business Email Compromise (BEC) 1 day, 7 hours ago | securityboulevard.com
attackers attacks bec business +17
Risk vs. Threat vs. Vulnerability: What is the difference? 1 day, 8 hours ago | securityboulevard.com
ciso suite click cyber lingo cyber security risks +11
Compromising ByteDance’s Rspack using GitHub Actions Vulnerabilities 1 day, 9 hours ago | securityboulevard.com
actions attacker bytedance bytedance rspack +16
Impart Security: Leading the Charge in API Security with SOC 2 Type 2 Certification | … 1 day, 10 hours ago | securityboulevard.com
api api security certification charge +7
Senator Calls for FTC, SEC Probe Into UnitedHealth’s ‘Negligence’ in Breach 1 day, 10 hours ago | securityboulevard.com
attack board breach ceo +30

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com