On 28th November, Dell announced that on the 9th November, it had “detected and disrupted unauthorized activity” on their network. The statement went on:
Upon detection, we immediately implemented countermeasures and began an investigation. We also retained a digital forensics firm to conduct an independent investigation and engaged law enforcement.
Let’s look at what we know so far.
After hack, Dell advises its users to change their passwords
As hacks go, it was pretty boring. The hackers were apparently found trying to access customer names, email addresses, and hashed passwords.
Just in case you are wondering, hashed passwords are passwords that are encrypted so that if something like this happens, intruders can’t steal the actual passwords, just a string of random letters, numbers and symbols.
Quick Action Taken
Dell discovered the intruders quickly and booted them out before they could get up to any real mischief. However, Dell did employ the services of a forensics firm to find out what, if anything, was accessed and/or taken.
As far as Dell believes, “Through that investigation, we found no conclusive evidence that any customer information was taken.”
In the post, Dell expressed its commitment to ensuring that its customers’ data would be safe. Obviously, that commitment doesn’t go as far as stopping ne’er-do-wells actually getting into the system of one of the world’s leading tech companies, but we all know what they mean.
Change Your Passwords
An example of their commitment is found on the ‘Customer Update‘ page. There are some handy password tips. I’ll repeat them below:
- Passwords should contain a minimum of 8 characters, using a mix of uppercase and lowercase letters and at least one number.
- Don’t use any words that can be associated with you such as a family name or address.
- Choose a reminder sentence about your life and create a password as the first letter of each word, so “I drink 2 cups of Tea With Honey every day!” becomes “id2coTWHed!” (Customers should not use this same example).
- Keep in mind that it’s never a good idea to use the same password across multiple sites.
But Passwords Are Not the Problem
That’s all good advice but the point is that even if users had followed the advice of Dell, it wouldn’t have mattered in the least. It’s not that the passwords tips are not useful. It’s just that it’s completely irrelevant to the issue at hand. Mind you, irrelevant or not, most people won’t bother changing their passwords anyway.
The actual point is that Dell allowed access to its systems (and therefore, our data). I recently talked about security in another article, and one of the points I made was that if a company doesn’t take your security seriously, they are not like to take their security seriously either.
Anyway, another crisis to humanity has been averted, and we can go on about our lives as usual, either with or without new passwords. By the way, my password is 123456 if anyone needs it.
RELATED STORIES TO CHECK OUT: