This article is more than 1 year old
D-Link clears up 'exaggerations' around data breach
Who knew 3 million actually means 700 in cybercrime forum lingo?
D-Link has confirmed suspicions that it was successfully targeted by cyber criminals, but is talking down the scale of the impact.
On October 1, word of a data breach spread after a post on a hacking forum claimed to be selling 3 million lines of customer information as well as D-View source code for a one-time $500 fee.
D-Link's public disclosure confirmed it became aware of the incident on October 2 and with the help of investigators called in from Trend Micro, the company determined the actual number of stolen records to be around the 700 mark – substantially off the previously advertised total.
The business said "internal and external" probes had identified "numerous inaccuracies and exaggerations" in the hacking forum post's claim.
It also said the data was not stolen from the cloud per some allegations, but instead originated from a test lab environment of an old D-View 6 system – a model that went EOL in 2015 – via a phishing attack on an employee.
"The data was used for registration purposes back then. So far, no evidence suggests the archaic data contained any user IDs or financial information," it said.
"However, some low-sensitivity and semi-public information, such as contact names or office email addresses, were indicated."
D-Link also believes that some of the data included in the leak, such as last login timestamps, had been manipulated to make the records seem more recent than they actually were.
What isn't addressed in D-Link's extensive disclosure is the allegations made by the cybercriminals that the stolen data included details on Taiwan government officials and D-Link staff.
The Register contacted D-Link for clarification but it did not respond at the time of publication.
The disclosure confirmed that most of the company's current users are thought to be unaffected by the incident.
D-Link said that after becoming aware of a possible breach, it immediately shut down the servers believed to have been affected, blocked all accounts other than two used for the investigation, and took the test lab offline.
- Signal shoots down zero-day rumors, finds 'no evidence' of device takeover
- It's 2023 and memory overwrite bugs are not just a thing, they're still number one
- Google Play pulls sneaky data-harvesting apps with 46m+ downloads
- FBI extends voting security push, LA court hacker goes down, and more D-Link failures
It said that from now on, it would do regular audits of outdated data and delete it where necessary to prevent similar incidents.
"Despite the company's systems meeting the information security standards of that era, it profoundly regrets this occurrence," it said.
"D-Link is fully dedicated to addressing this incident and implementing measures to enhance the security of its business operations. After the incident, the company promptly terminated the services of the test lab and conducted a thorough review of the access control. Further steps will continue to be taken as necessary to safeguard the rights of all users in the future." ®