Dell Has Changed Your Customer Password After Intrusion
By: Jim Stickley and Tina Davis
December 4, 2018
Dell Technologies has reset your password. Yep, it’s true. The company released a statement saying someone took it upon him or herself to start perusing in the company network early in November. The attack was stopped in its tracks, but Dell has reset all customer account passwords as a precaution. So if you’re wondering why your old one doesn’t work, that’s why. However, they didn’t put the kibosh on it before the intruder may have accessed names, email addresses, and hashed passwords.
Yes, certainly go change your password if you do have a Dell account. Even though the company said those were hashed, they didn’t say with what technology. Not all of them are difficult to crack. And even Dell has forced a password reset out of precaution.
When re-creating that password, make sure to consider the basic guidelines for a strong one:
- At least 8 characters
- Includes upper and lowercase letters
- Includes a number
- Includes a special character
- Isn’t a dictionary or easy to guess word
- Doesn’t contain any personally identifiable information (PII), such as your birthdate
As for the email addresses, you may think that it’s not a big deal for someone to steal that. After all, it’s not really private. We give them out freely quite often. It’s a way to reach you, just like your physical address or work address. However, it really IS significant when bad actors get ahold of your email address. This is because every time they break into an account somewhere, they know a little more about you; like that you have a Dell account and therefore likely have or have had a Dell product. They can use that knowledge to craft targeted email spam messages to you. Then, you are far more likely to click links or open attachments.
Just remember to take a few seconds and recall whether or not you asked for anyone to send you email with links or attachments. If you didn’t, certainly don’t click on them. The key is that if you are not expecting something to arrive in email, be suspicious. Take a second to verify it before acting. Pick up the phone and make a quick phone call. Send a quick text to the sender and ask if the link was intended, or when in the office make a quick visit to the sender’s office or desk. Those few extra moments may save you a lot of time and frustration later.
Dell has employed a digital forensics company to help with additional investigation and is working with law enforcement. There is likely more news to come on this. Therefore, even though Dell said no payment information was accessed, it’s wise to watch those payment card statements for suspicious activity too.