The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn’t, but doesn’t seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don’t see a whole lot of potential room for abuse.
afaict only if a specific hardware vulnerability was found and they cross-linked it with an online account or other network info to try and exploit it.
Or, I guess you could just assume Windows and go with one of the many zero-days that happen there. The trick is still crosslinking them tho. Presumably google has the wifi info.
I do see potential room for abuse.
Let say someone has the list and contact the members of the list saying that they are from Dell and it is about the computer they purchased. They have all details, spec, address, etc so it believable.
Then they tell them to buy some “antivirus” or install some “hot fix” etc. Scammers are already doing this, but it is less convincing.
Exactly, a lot data exfil’d is used to enrich other sources. All data loss should be treated as a catastrophic failure of security controls. Corporate victims should pay for their customers potential loss of identity and privacy as a preemptive action, even if the data in of itself may be considered low risk.
If compliance with this is difficult then executives should be forced under law to post all of their personal info into Wikipedia with audio samples of their voice, full genome mapping and mugshots.
Fuck these companies and their profits over people attitude.
It’s only minor if the data points in this breach are used by themselves.
Once you aggregate this with other data breaches, you could end up with a much bigger capability to target anyone in this breach.
The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn’t, but doesn’t seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don’t see a whole lot of potential room for abuse.
afaict only if a specific hardware vulnerability was found and they cross-linked it with an online account or other network info to try and exploit it.
Or, I guess you could just assume Windows and go with one of the many zero-days that happen there. The trick is still crosslinking them tho. Presumably google has the wifi info.
I do see potential room for abuse. Let say someone has the list and contact the members of the list saying that they are from Dell and it is about the computer they purchased. They have all details, spec, address, etc so it believable. Then they tell them to buy some “antivirus” or install some “hot fix” etc. Scammers are already doing this, but it is less convincing.
Exactly, a lot data exfil’d is used to enrich other sources. All data loss should be treated as a catastrophic failure of security controls. Corporate victims should pay for their customers potential loss of identity and privacy as a preemptive action, even if the data in of itself may be considered low risk. If compliance with this is difficult then executives should be forced under law to post all of their personal info into Wikipedia with audio samples of their voice, full genome mapping and mugshots. Fuck these companies and their profits over people attitude.
It’s only minor if the data points in this breach are used by themselves.
Once you aggregate this with other data breaches, you could end up with a much bigger capability to target anyone in this breach.
Now my friends know I bought an Alienware device. I’m never going to live this down.
A gamer cannot sink lower. Build your own if you care!
Don’t care, punish them all the same.