Taiwanese network hardware manufacturer D-Link has announced that it has suffered a cyber attack, with the threat actor claiming responsibility and selling the stolen data online.
The company was made aware of the incident on 2 October 2023, just a day after the attack occurred. Upon being notified, the company said it took precautionary measures and immediately initiated a major investigation, consulting experts from Trend Micro.
D-Link said the amount of data believed to have been stolen was approximately 700 records that were “outdated and fragmented”.
The threat actor behind the attack, who goes by the name of “succumb”, announced on Breach Forums on 1 October that he had stolen 3 million lines of customer data, as well as source code from the company’s D-View End-to-End Network management system.
“I have breached the internal network of D-Link in Taiwan, I have 3 million lines of customer information, as well as source code to D-View extracted from system,” said the threat actor.
“This does include the information of MANY government officials in Taiwan, as well as the CEOs and employees of the company.”
According to succumb, who is selling the data for US$500, the 1.2 gigabytes of stolen data includes names, emails, addresses, company names, phone numbers, registration dates and the date of last sign-in.
To back his claims, the threat actor posted 45 samples of stolen data on the forum, dated between 2012 and 2013, which other forum users pointed out as being “so old”.
The threat actor said the data goes up to 2023 but provided no evidence.
D-Link has said that its investigations into the incident have revealed “numerous inaccuracies and exaggerations in the claim that were intentionally misleading and did not align with facts”.
While the data is confirmed to have been stolen from the company’s D-View system, it was stolen from D-View 6, an older system that “reached its end of life as early as 2015”. D-Link currently sells D-View 8, but it is unclear why the older system was still accessible on the internet.
It also believes that the latest login time stamps were modified to appear as if the data was recent.
The network hardware manufacturer said that it believes that the threat actor gained access to its systems through a phishing attack on an unknowing employee, granting them access to “long-used and outdated data”.
The company said that the threat actor gained access to a “test lab”, which it has since shut down, and that it conducted a “thorough review of the access control”.
“Further steps will continue to be taken as necessary to safeguard the rights of all users in the future,” it said.
D-Link has said that it does not believe that any financial or ID data was leaked in the attack and that it believes that most of its current users will be unaffected by the incident.
Despite the believed lack of impact, D-Link reaffirms that it takes data security very seriously, outlining the “preventative measures” it engaged.
“We immediately shut down presumably relevant servers after being informed of this incident,” it said.
“We blocked user accounts on the live systems, retaining only two maintenance accounts to investigate any signs of intrusion further.
“Simultaneously, we conducted multiple examinations to determine if any leaked backup data remained in the test lab environment and disconnected the test lab from the company’s internal network.
“Subsequently, we will audit outdated user and backup data and proceed with their deletion to prevent a recurrence of similar incidents.”