Dell disclosed a cyber attack that took place at the start of November and reset the passwords of all customers as a precautionary measure following the incident.
"On November 9, 2018, Dell detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords," says Dell.
Although Dell did not find any evidence of customer information being exfiltrated from their servers, the company does acknowledge the possibility of it happening.
Despite the chance of data theft being slim, Dell also reset all customer passwords to prevent further exposure of client information and requires all users to go through a multi-step authentication process to regain access to their accounts to limit the possibility of data theft even further.
All Dell users will be automatically prompted to reset their passwords next time they will visit dell.com and try to log into their accounts.
Dell disclosed the attack 20 days later after the investigation ended
According to Dell, the online services that were impacted by the mass password reset include Dell.com, Premier, Global Portal, and support.dell.com (‘Esupport’).
Moreover, the company began an investigation to understand the specifics of the cybersecurity incident with the help of a third-party digital forensics firm and also contacted law enforcement agencies.
"Dell cybersecurity measures include the hashing of our customers’ passwords and a mandatory Dell.com password reset," also says Dell's breach notification,
Also, "Hashed passwords, along with the password reset, limit exposure of customers’ account information. Customers are encouraged to change passwords for other accounts if they use the same password for their Dell.com account."
As further detailed in the cyber attack notification released by Dell, the company disclosed the cybersecurity incident 20 days later because it waited for the independent digital forensics firm to finish the investigation.