• tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    2
    ·
    6 months ago

    The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn’t, but doesn’t seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don’t see a whole lot of potential room for abuse.

    • coolmojo@lemmy.world
      link
      fedilink
      English
      arrow-up
      34
      ·
      6 months ago

      I do see potential room for abuse. Let say someone has the list and contact the members of the list saying that they are from Dell and it is about the computer they purchased. They have all details, spec, address, etc so it believable. Then they tell them to buy some “antivirus” or install some “hot fix” etc. Scammers are already doing this, but it is less convincing.

      • BugKilla@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        6 months ago

        Exactly, a lot data exfil’d is used to enrich other sources. All data loss should be treated as a catastrophic failure of security controls. Corporate victims should pay for their customers potential loss of identity and privacy as a preemptive action, even if the data in of itself may be considered low risk. If compliance with this is difficult then executives should be forced under law to post all of their personal info into Wikipedia with audio samples of their voice, full genome mapping and mugshots. Fuck these companies and their profits over people attitude.

    • xep@kbin.social
      link
      fedilink
      arrow-up
      15
      ·
      6 months ago

      Now my friends know I bought an Alienware device. I’m never going to live this down.

    • shininghero@kbin.social
      link
      fedilink
      arrow-up
      8
      ·
      6 months ago

      It’s only minor if the data points in this breach are used by themselves.
      Once you aggregate this with other data breaches, you could end up with a much bigger capability to target anyone in this breach.

    • Optional@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      6 months ago

      afaict only if a specific hardware vulnerability was found and they cross-linked it with an online account or other network info to try and exploit it.

      Or, I guess you could just assume Windows and go with one of the many zero-days that happen there. The trick is still crosslinking them tho. Presumably google has the wifi info.