
Breaking News: D-Link Discovers Devastating Data Breach Following Ingenious Employee Phishing Attack

D-Link uncovers a devastating data breach following an employee phishing attack. Get the latest updates on this breach.


Data Breach at D-Link Confirmed

IT Services can confirm that D-Link, the Taiwanese networking equipment manufacturer, has experienced a data breach. The breach involved stolen information from D-Link’s network, which was subsequently put up for sale on BreachForums.

The attacker claims to have obtained the source code for D-Link’s D-View network management software, as well as millions of entries containing personal information of customers and employees, including details about the company’s CEO.

The stolen data includes names, emails, addresses, phone numbers, account registration dates, and users’ last sign-in dates.

The threat actor has shared 45 stolen records from 2012 to 2013 as proof. However, another participant in the forum noted that the data appeared to be quite old.

“We have successfully breached the internal network of D-Link in Taiwan. We have retrieved 3 million lines of customer information and the source code for D-View,” the attacker stated.

“This includes the information of numerous government officials in Taiwan, as well as the company’s CEOs and employees.”

The stolen data has been available for purchase on the hacking forum since October 1st. The threat actor is demanding $500 for the stolen customer information and the alleged D-View source code.

D-Link stolen data up for sale (source: BleepingComputer)

Data Stolen from a “Test Lab” System

D-Link has reported that the security breach occurred when an employee fell victim to a phishing attack, providing the attacker with access to the company’s network.

In response, IT Services immediately took action by shutting down potentially affected servers and disabling all but two user accounts for the duration of the investigation.

While D-Link has confirmed the breach, it clarified that the intruder gained access to a product registration system within what the company referred to as a “test lab environment.” This system operated on an outdated D-View 6 system that reached its end of life in 2015.

The reason why an end-of-life server remained operational on D-Link’s network, potentially exposed to the Internet for seven years, remains unclear.

Contrary to the attacker’s claim of stealing millions of users’ data, D-Link stated that the compromised system contained approximately 700 records, with information on accounts that have been inactive for at least seven years.

“However, based on our investigations, the compromised system only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years,” said D-Link in an announcement.

“These records originated from a product registration system that reached its end of life in 2015. Furthermore, the majority of the data consisted of low-sensitivity and semi-public information.”

D-Link also suspects that the threat actor intentionally manipulated recent login timestamps to create the illusion of a more recent data theft. Additionally, the company reassured its customers that most of them are unlikely to be impacted by this incident.
