this post was submitted on 09 May 2024
467 points (99.2% liked)

Technology

59414 readers
2712 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] slurpinderpin 162 points 6 months ago (7 children)

These companies should be forced to pay big money to each and every person affected by these breaches. Not like $120. Like $10,000 per. Teach them real lessons

[–] [email protected] 59 points 6 months ago (2 children)

But instead they will be fined, and they will pay that fine to the government.

[–] [email protected] 50 points 6 months ago (1 children)

They just pay up and do it again. It's a business expense, not a punishment.

load more comments (1 replies)
[–] [email protected] 11 points 6 months ago

and then, us as the consumer will pay for the fine as well

[–] [email protected] 26 points 6 months ago (1 children)

I agree. Even at $120 each. 120 times tens of millions is serious fucking cash. We need to have a couple of big companies go bankrupt over this shit. Then maybe they will start taking it seriously. Perhaps at that point maintaining personal data on people will be seen as a liability rather than an asset. And that's what we really need.

[–] slurpinderpin 10 points 6 months ago (2 children)

Yep data protection should be life or death. Either that or make the executives personally responsible ie the fines come out of their pockets

[–] [email protected] 3 points 6 months ago

Yup. We need more of the corporate death penalty. And when corporations are so big that 'killing' them would harm the economy, I argue we're back to too big to fail. Maybe the answer is giant fines, and if the company can't pay, wipe out the largest shareholders and then resell the stock over time. Make people's personal information a giant hot potato that nobody wants to be holding.

[–] [email protected] 3 points 6 months ago (7 children)

Why stop there? Abolish the corporate veil. Those motherfuckers can buy liability insurance.

load more comments (7 replies)
[–] [email protected] 24 points 6 months ago

Even $120 would be amazing. I just got an email that said too bad. I just bought a monitor cause that’s where they sold it. Idk why they have to save my info. I just want to pay for the product. If it was up to me, they would delete all my info immediately. They only need to record when the serial number was sold anyway.

Oh if only I was European.

[–] [email protected] 8 points 6 months ago (5 children)

The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn't, but doesn't seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don't see a whole lot of potential room for abuse.

[–] coolmojo 34 points 6 months ago (1 children)

I do see potential room for abuse. Let say someone has the list and contact the members of the list saying that they are from Dell and it is about the computer they purchased. They have all details, spec, address, etc so it believable. Then they tell them to buy some “antivirus” or install some “hot fix” etc. Scammers are already doing this, but it is less convincing.

[–] BugKilla 6 points 6 months ago* (last edited 6 months ago)

Exactly, a lot data exfil'd is used to enrich other sources. All data loss should be treated as a catastrophic failure of security controls. Corporate victims should pay for their customers potential loss of identity and privacy as a preemptive action, even if the data in of itself may be considered low risk. If compliance with this is difficult then executives should be forced under law to post all of their personal info into Wikipedia with audio samples of their voice, full genome mapping and mugshots. Fuck these companies and their profits over people attitude.

[–] [email protected] 15 points 6 months ago (1 children)

Now my friends know I bought an Alienware device. I'm never going to live this down.

[–] pdxfed 3 points 6 months ago

A gamer cannot sink lower. Build your own if you care!

[–] [email protected] 8 points 6 months ago

It's only minor if the data points in this breach are used by themselves.
Once you aggregate this with other data breaches, you could end up with a much bigger capability to target anyone in this breach.

[–] slurpinderpin 7 points 6 months ago

Don’t care, punish them all the same.

[–] homesweethomeMrL 5 points 6 months ago

afaict only if a specific hardware vulnerability was found and they cross-linked it with an online account or other network info to try and exploit it.

Or, I guess you could just assume Windows and go with one of the many zero-days that happen there. The trick is still crosslinking them tho. Presumably google has the wifi info.

[–] [email protected] 5 points 6 months ago* (last edited 6 months ago) (2 children)

Instantly makes ~~ransomware~~ [edit 2: my brain was being dumb, I didn't mean literally ransomware, I meant hackers blackmailing companies with the threat of releasing/selling stolen data] far more profitable.

Edit: And heavily discourages self-reporting. There’s a Schneier quote I like: “You can't defend. You can't prevent. The only thing you can do is detect and respond.”

load more comments (2 replies)
[–] [email protected] 5 points 6 months ago

Exactly... Meanwhile some poor soul goes to jail because he is too broke to pay for some parking fines

[–] [email protected] 4 points 6 months ago

In the case of this breach, I'd be happy with a $10 payout, the consequences for me are actually pretty low here. That being said, I think we'd be lucky if Dell had to pay more than $0.50 per person, and that money will probably go to a lawyer's fees, not me.

[–] [email protected] 36 points 6 months ago (2 children)

Got this:

Hello, Dell Technologies takes the privacy and confidentiality of your information seriously. We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved.

What data was accessed? At this time, our investigation indicates limited types of customer information was accessed, including:

  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order and related warranty information
[–] Snapz 11 points 6 months ago

~~Hello, Dell Technologies takes the privacy and confidentiality of your information seriously. We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved.~~ Sending you this single message satisfies our legal disclosure requirement. Beyond that, we have no actual intention of fixing this, providing you with a meaningful compensation for the breech or really doing anything different at all truthfully. Fuck you.

[–] [email protected] 7 points 6 months ago (1 children)

So people know how expensive a computer is at the address. What could go wrong

[–] IHawkMike 15 points 6 months ago (1 children)

Right, because international hackers are going to mobilize boots on the ground across the world to steal your fucking Optiplex.

[–] [email protected] 4 points 6 months ago* (last edited 6 months ago) (1 children)

I think it's more likely that an attacker would make a fake collections call if you bought something really expensive, especially if they can prove you bought on credit or something. A little ChatGPT and you'd have a targeted script to use.

[–] [email protected] 3 points 6 months ago (1 children)

The leak didn't include phone numbers or emails but I'm sure there will be attempts at spear phishing businesses since they can figure out the business name from the physical address.

load more comments (1 replies)
[–] Coldgoron 35 points 6 months ago (1 children)

Can’t have my ssn stolen if it has already hit the dark web.

load more comments (1 replies)
[–] Hobbes_Dent 25 points 6 months ago

Dude, you’re getting a delinquency letter.

But, like, we paid our fine. Sorry 🤙

[–] FenrirIII 22 points 6 months ago

Expect a ton of Indian people calling pretending to be Dell Support.

[–] Woozythebear 21 points 6 months ago (3 children)

I'm so glad we banned tik tok so my data doesn't fall in the wrong hands.

[–] [email protected] 28 points 6 months ago (1 children)

I know you're being flippant, but it's worth noting that there is a considerable difference between a company getting hacked like this and an app with unfettered access to the cluster to sensors that we've got in our pockets.

load more comments (1 replies)
[–] [email protected] 9 points 6 months ago (4 children)

The thing with tik tok isn't only with the data China can gather from US residents. It's also how they can use that information to influence the populace and send them propaganda, for example influencing the election results.

[–] RagingRobot 3 points 6 months ago (2 children)

They can also gather information about our politicians who use it and blackmail them to get what they want

load more comments (2 replies)
load more comments (3 replies)
[–] [email protected] 8 points 6 months ago (4 children)

The ban is a dumb policy, but you’re daft if you think the security implications are at all similar.

TikTok was caught injecting a keylogger into their in-app browser and their response was “Well yeah, but we promise we’re not using it.”

load more comments (4 replies)
[–] [email protected] 11 points 6 months ago (1 children)

Somebody needs to make a "Dell Dude meme" about this.

[–] Wilshire 13 points 6 months ago* (last edited 6 months ago)

"Dude, you're getting your identity stolen!"

[–] LifeLikeLady 11 points 6 months ago* (last edited 6 months ago) (2 children)

They emailed me earlier about it... Good thing I've only ever bought a monitor from them.

[–] jadedwench 4 points 6 months ago

Sames. They make sweet monitors.

load more comments (1 replies)
[–] [email protected] 9 points 6 months ago (1 children)

What fuckin data is dell even getting and how?

[–] [email protected] 12 points 6 months ago (1 children)

I got their notice email, apparently I bought a laptop charger from them years ago, and after all this time they were still keeping my name, email and physical address, which now leaked. So that's how.

[–] [email protected] 6 points 6 months ago

That's insane to me

[–] [email protected] 6 points 6 months ago (1 children)

Holy fuck. Is that like all their customers?

[–] [email protected] 5 points 6 months ago
load more comments
view more: next ›