Damn Dirty Dell. Potential leak allows scammers to know your personal info.

[rcmaehl]

Source:
ArsTechnica

 

Quotes/Excerpts:

Quote

 a tech-support scam targeting Dell computer owners continues to raise questions about how the callers know sensitive information, including PC serial numbers and the names, phone numbers, and email addresses... uses sensitive details tied to their specific PC purchase, including the PC model, service tag number, and the contact information the customers provided at the time they made the purchase. Armed with those details, the caller has a much better chance of tricking the person into thinking the call is legitimate... According to an interview and posts made to Dell customer-support forums, the unusual scam continues now ... Neither the blog post nor the support website alert makes any mention that the scammers targeting Dell customers know sensitive purchase details. The spokeswoman's email also erroneously lumps the scams in with the "industry-wide" problem even though there's no evidence tech-support scammers are using customer data from other computer makers.

 

My thoughts:

This is clearly and obviously a data breach by Dell or an unprotected API. Dell should come clean with consumers and businesses based on their positions within the market place and industries (along others such as HP and Lenovo). This is an issue specific to them.

[AngryBeaver]

8 minutes ago, rcmaehl said:

Source:
ArsTechnica

 

Quotes/Excerpts:

 

My thoughts:

This is clearly and obviously a data breach by Dell or an unprotected API. Dell should come clean with consumers and businesses based on their positions within the market place and industries (along others such as HP and Lenovo). This is an issue specific to them.

Or this information can easily be read and gained from malicious software that the users have come in contact with. This could be something as nasty as a .exe they downloaded or something as simple as a malicious java add or script on a webpage.

 

There are many much easier ways to get this information than targeting dell directly. If dell was breached and PII stolen then they are legally obligated to let people know. Do you think a company as big as dell would risk the backlash of NOT doing so?

[rcmaehl]

4 minutes ago, AngryBeaver said:

Or this information can easily be read and gained from malicious software that the users have come in contact with. This could be something as nasty as a .exe they downloaded or something as simple as a malicious java add or script on a webpage.

I would think so however the fact is they know information not available on the computer such as purchase date, customer number (web only), email, phone number, and full first and last name. Additionally, reports have including information from the computer savvy. This is definitely NOT the cause of malicious software as the article states if read.

[AGrider]

Dell sells ALL of this info. We get calls all the time offering extended warranties on specific products right at the end of the warranty terms. Seems that all the major tech vendors sell and trade their customer data. 

[Deus Voltage]

16 minutes ago, AGrider said:

Dell sells ALL of this info. We get calls all the time offering extended warranties on specific products right at the end of the warranty terms. Seems that all the major tech vendors sell and trade their customer data. 

Data that should not so easily be jeopardized by tech savvy social engineers.  

[AGrider]

Its not jeopardized, its for sale to anyone who asks. You can go buy that data right now. While it may be data about you, it is not your data.

[Deus Voltage]

7 minutes ago, AGrider said:

Its not jeopardized, its for sale to anyone who asks. You can go buy that data right now. While it may be data about you, it is not your data.

Do you consider the last part of your sentence (While it may be data about you, it is not your data.) legally questionable? 

 

Let me be more precise, is it legal for a corporation to treat private data of individuals as their own?  I know it seems like a silly question, particularly when one considers the Cambridge Analytica fiasco, so you will be tempted to say yes, but I would like to be clarified on that if possible. 

[AGrider]

Its a Dell account, Dell controls what they do with it and how they share that data, not me. If I want the option to do business with Dell, I submit myself and my company to that kind of data use. What data about the dell systems they sold me isnt my data, its theirs, and they can choose to monetize that data without my input. 

[Deus Voltage]

3 minutes ago, AGrider said:

Its a Dell account, Dell controls what they do with it and how they share that data, not me. If I want the option to do business with Dell, I submit myself and my company to that kind of data use. What data about the dell systems they sold me isnt my data, its theirs, and they can choose to monetize that data without my input. 

So the client has no authority over how their data is managed? 

[AGrider]

In the case of Dell, when you purchase from them you agree to that. They will provide the details of you and your purchase to third parties. Im not saying its right or wrong, Im simply pointing out that there doesn't have to be any maliciousness to happen for this data to be simply acquired through entirely legal means directly from Dell. It can then be used for nefarious purposes. 

 

 

 

[JoeCoke]

Just gonna love this here, I know it's unrelated to this topic really, but it evolves Dell so I just have to.
 

Spoiler

HP AND DELL LAPTOPS ARE SHIT. DON'T GIVE THEM YOUR MONEY.

 

Well... That goes for the majority of Windows laptops, but ESPECIALLY Dell and HP. Being the family "tech guy" is a pain in the ass when you can't talk anyone out of these pieces of garbage. They never want to listen to me when a purchase is on the table, but a year later when the piece of shit craps the bed, who they gonna call?

 

But yeah, Dell sucks. The only positive experiences I've had with them were their Optiplexes from the 2000s. I've owned everything from GX100s all the way to gx780s and they were all solid as hell. Their laptops though, never EVER had a good experience. Not one.

 

[Deus Voltage]

Oh I see, I appreciate the candor. One more thing before I forget, when you say "purchase from them you agree to that", are customers made aware, at least clearly, that their data will be shared by third parties? 

[Blasteque]

12 minutes ago, Deus Voltage said:

Oh I see, I appreciate the candor. One more thing before I forget, when you say "purchase from them you agree to that", are customers made aware, at least clearly, that their data will be shared by third parties? 

Every purchase has certain terms and conditions, some are more explicitly stated than others, some are merely implied by federal law; regardless, they're there.  For Dell:

http://www.dell.com/learn/us/en/vn/terms-of-sale-consumer?c=us&l=en&s=corp&cs=vn

 

I don't see anything in there that expressly defines the sell-ability of purchasing information, but it does have this:

Quote

"By providing us with a phone number (including mobile) as your contact number, you expressly authorize us to contact you regarding your account for non-telemarketing communications, via text message or telephone, including the use of prerecorded or auto-dialed calls, using that number."

This would seem to imply Dell (or their agents) can call you all they want to try to up-sell you anything that is related to your purchase.

[thedude4bides]

Wonder if this is why a pc I custom ordered got rerouted the day it was supposed to be delivered to me.  I checked tracking and saw that it was going to some random address all the way across the the country.  Dell customer support claimed they called FedEx to have it delivered back to my house... but that didn't happen and some dude accepted delivery of my PC.  Thankfully paypal refunded me because Dell wouldn't do anything... worst buying experience I've ever had.  

 

It was freaky that it happened after emailing back and forth with Dell support on a certain issue and I was convinced this guy somehow was involved in what happened to my pc.  I immediately changed all my passwords and started monitoring all my shit.

 

bright side is that if that didn't happen I wouldn't have decided to do my first build?

 

 

[GoodBytes]

Entry does not meet posting guidelines of the Tech News section and so the thread was moved out:

What's missing:

• The news needs to be explained in your own words.

[Dabombinable]

3 minutes ago, GoodBytes said:

Entry does not meet posting guidelines of the Tech News section and so the thread was moved out:

What's missing:

• The news needs to be explained in your own words.

Aren't they already?
 

Quote

Your thread must include some original input to tell the reader why it is relevant to them, and what your personal opinion on the topic is. This needs to be MORE than just a quick, single comment to meet the posting guidelines.