NewsTechonologyTrending News

D-Link confirms data breach after employees hit with phishing attack

Network gear maker D-Link has confirmed it suffered a breach that saw internal data stolen, but claims the data isn’t actually that useful to malicious actors. 

The company said two employees fell victim to a phishing attack that gave the attacker access to the company’s endpoints

To remedy the problem, D-Link shut down the breached servers and disabled the accounts in question.

Test environment

Earlier this month, a threat actor posted a new thread on a dark web forum, claiming to have stolen product source codes and identity information on customers, employees, and even the CEO.

“I have breached the internal network of D-Link in Taiwan, I have 3 million lines of customer information, as well as source code to D-View extracted from system,” the attacker was cited saying. “This does include the information of MANY government officials in Taiwan, as well as the CEOs and employees of the company.”

Apparently, the data that was stolen includes people’s names, emails, addresses, phone numbers, account registration dates, and the users’ last sign-in dates. The attacker is asking for $500 for the database and has offered a handful of samples. 

However, the samples seem to be from a decade ago, something other forum members were quick to spot. 

As D-Link further explained, the attacker stole the data from a “test lab environment”, an outdated server that reached end-of-life in 2015. Also, the company said that the attacker stole some 700 records, and not millions, as they’re claiming.

“Based on the investigations, however, it only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years,” D-Link said. “These records originated from a product registration system that reached its end of life in 2015. Furthermore, the majority of the data consisted of low-sensitivity and semi-public information.”

The company hinted that the threat actor is trying to trick people into thinking they have a more relevant database on their hands, and concluded that the current customers shouldn’t be affected by the incident.

Via BleepingComputer

More from TechRadar Pro

More blog post here