D-Link Confirms Phishing Attack Caused A Data Breach

D-Link, a well-known networking company located in Taiwan, has publicly disclosed a security compromise caused by a phishing attack on one of its staff members.

D-Link became aware of the data compromise on October 2, 2023. Surprisingly, this discovery came just one day after an anonymous person began selling the stolen data on Breach Forums for $500.

The attacker claims to have stolen the source code for D-Link’s D-View network management software. He also got millions of records containing personal information about customers and workers, as well as information on the company’s CEO.

According to reports, the stolen data includes usernames, emails, addresses, phone numbers, account registration dates, and last sign-in dates. The threat actor also provided samples of 45 records with timestamps ranging from 2012 to 2013. This led someone on the discussion thread to observe that the data appeared to be very old.

Data Stolen for Sale from the D-Link Data Breach (BleepingComputer)

In response to claims made by some people, the source of information made it clear that the relevant data did not come from the cloud. It likely originated in a test lab linked to the obsolete D-View 6 system, discontinued in 2015. The breach resulted from a phishing attack on one of the company’s employees.

In a statement, D-Link confirmed:

The data was used for registration purposes back then. So far, no evidence suggests the archaic data contained any user IDs or financial information. However, some low-sensitivity and semi-public information, such as contact names or office email addresses, were indicated.

D-Link responded quickly after discovering the issue by implementing multiple security measures. It shut down the compromised servers and halted all user accounts save “two maintenance accounts”. At the same time, it commenced an investigation, collaborating with the external cybersecurity firm Trend Micro.

D-Link linked the data theft to a phishing attack that penetrated an employee’s account. Phishing attacks trick people into giving up sensitive information by appearing to come from trustworthy sources. However, D-Link declined to provide details on the circumstances of the phishing attack.

D-Link discovered that the number of people affected was substantially lower than the hacker claimed. It was also discovered that the relevant data was no longer up to date.

According to D-Link:

Based on the investigations, however, it only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years. We have reasons to believe the latest login timestamps were intentionally tampered with to make the archaic data look recent.

Although the incident is severe, Grimes pointed out that the old stolen data may be an ultimatum. He emphasised that there is a chance that hackers may use this data for phishing scams and other illegal activities.

Meanwhile, D-Link has stated that the company is planning a comprehensive assessment of its access guidelines. Its aim is to take extra security measures to prevent similar data breaches in the future. This action is in reaction to the realisation that neglected or old information systems frequently go unmonitored, leaving them insecure owing to a lack of security and configuration upgrades.
