D-Link Confirms Data Breach but Denies Claims of 3 Million Stolen Data
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
D-Link, the Taiwan-based networking equipment manufacturer, confirmed the data breach incident related to the publication and sale of its internal data on BreachForums earlier this month.
The incident came to light on October 1, when a member of the dark web forum claimed to have breached the company’s network to steal millions of users’ data and source code for the D-View network monitoring product.
The hacker claimed to have 1.2 Gb of employee and customer personal data, including names, email, addresses, company, phone numbers, registration date, and date of last login. The claims also included information on Taiwanese government officials and CEOs. All this data was on sale for $500.
Following the claims, D-Link in partnership with Trend Micro launched an investigation and identified many discrepancies in the claim. ‘’The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015[..] So far, no evidence suggests the archaic data contained any user IDs or financial information,’’ revealed D-Link .
According to the company, the hacker’s claims were exaggerated and misleading, as its investigation showed that only 700 user records were compromised and none were of active users. Moreover, it is believed that the hacker manipulated the login timestamps of stolen data to make it look like a recent theft.
The breach is said to have occurred because an employee unintentionally fell prey to a phishing attack, thereby granting access to the outdated data.
In response to this attack, the company immediately implemented several remediation measures to prevent the occurrence of similar incidents in the future. It also revealed that the hacked product was an older version of the current D-View 8 offering, and active customers were unlikely to be affected by this incident.
Nevertheless, D-Link advised its users to change passwords and remain cautious about suspicious calls, messages, and emails.
Signal Refutes Claim of Alleged Zero-Day Vulnerability
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Signal, an encrypted messaging service denied claims about a possible zero-day flaw that could impact the security and privacy of its users.
The rumors, which started circulating over the weekend, warned users to turn off link previews on Signal. Thus, relating the security flaw to the ‘Generate Link Preview’ feature of the app. However, post investigation, the company confirmed that it found no evidence supporting this unverified claim.
It released a statement on X (formerly Twitter) about its investigation and the lack of evidence regarding the rumor about the claimed vulnerability in the software. It also advised users with any genuine knowledge about the flaw to contact their security team via security@signal.org.
‘’PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation, we have no evidence that suggests this vulnerability is real nor has any additional info been shared via our official reporting channels,’’ the statement on X read.
The company also tweeted that it had verified these claims with US government officials, cited as a source for this alleged vulnerability report.
‘’We also checked with people across the US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim,’’ Signal stated.
The rumor which originated from an unverified source claimed that the flaw can grant unrestricted access to the app users’ device. Thus, allowing threat actors to deploy malware and extract personal information of the target for committing financial frauds or espionage campaigns.
The possibility of threat actors exploiting this vulnerability led to a widespread concern among the cybersecurity community , resulting in an outpouring of advice to disable the ‘Generate Link’ feature or update the app.
Launched in the beginning of 2018, Signal messaging platform is said to have more than 40 million users .
