Hackers claim second breach of Dell data within a week
Learn More
Dell has reportedly suffered a second data breach within a week, with hackers claiming to have accessed sensitive internal files via compromised Atlassian tools like Jira, Jenkins, and Confluence.
The breach, allegedly orchestrated by hackers operating under the aliases "grep" and "Chucky" on BreachForums, supposedly exposed 3.5GB of uncompressed data, including Jira files, database tables, and schema migration information. Hackers posted proof of the breach on September 22, 2024, claiming to have exploited weaknesses in Dell’s use of the Atlassian suite for software development and internal collaboration.
The hacker has shared details about the breach, revealing that all data was stolen during a single intrusion but has been leaked in stages. Among the exposed documents are:
- Incident reports detailing VPN issues, proxy requirements, and Agile access.
- Project files titled “Global Project FY23” and “Global Project FY25.”
- An MFA-related document titled “MFA Authentication – Cisco DUO.pdf.”
Additionally, references to Chinese infrastructure were found in the leaked files, raising concerns about potential operational impacts.
The nature of the attack and number of affected individuals is not disclosed.
The first breach exposed the data of 10,863 Dell employees. While Dell is already investigating the first breach, the company has yet to officially address the second incident.
