Dell sent a notice (opens in new tab) to all Dell.com customers about a breach in the company’s network by a malicious party. The company assured them that none of their sensitive information was exposed.
On November 9, 2018, Dell detected and disrupted unauthorized activity on its enterprise network that attempted to extract Dell.com customer information, including names, email addresses and hashed passwords. Dell said credit card and other sensitive information was not targeted.
The company said it immediately started deploying countermeasures and began an investigation. It also hired a computer forensics firm to investigate the breach and alerted authorities. Dell said that this investigation showed no conclusive evidence that any customer data was stolen, but it’s also sometimes difficult to identify such things if the hackers were sophisticated enough not to leave trails of their activities.
Dell noted that although the customers’ passwords were hashed to limit its customers’ password exposure in case of a data breach, it will still reset everyone’s passwords just to make sure that no password will be cracked and revealed to attackers.
Hashing turns users’ passwords into a different string of characters, but this process can be reversed if the users’ passwords are too simple, which is often the case. Previous surveys of stolen password databases have shown that a large portion of users continue to use extremely simple and guessable passwords for their online accounts.
Dell’s Security Tips for Your Account
Dell issued a number of recommendations for its customers to help them improve their accounts’ security, such as:
- Passwords should contain a minimum of 8 characters, using a mix of uppercase and lowercase letters and at least one number.
- Don’t use any words that can be associated with you such as a family name or address.
- Choose a reminder sentence about your life and create a password as the first letter of each word, so “I drink 2 cups of Tea With Honey every day!” becomes “id2coTWHed!” (Customers should not use this same example).
- Keep in mind that it’s never a good idea to use the same password across multiple sites.