D-Link, a Taiwanese networking equipment manufacturer, confirms a data breach involving “low-sensitivity and semi-public information.
D-Link, a Taiwanese networking equipment manufacturer, confirmed a data breach that exposed what they describe as ‘low-sensitivity and semi-public information,’ the company said. Notably, this data did not originate from the cloud but appears to have come from an outdated D-View 6 system, which reached the end of its life as early as 2015. Moreover, this data was previously used for registration purposes, and there is no evidence to suggest it contained user IDs or financial information.
This revelation comes over two weeks after an unauthorized party claimed to have stolen personal data from various government officials in Taiwan and the source code for D-Link’s D-View network management software. Remarkably, this claim was made in a post on BreachForums on October 1, 2023.
D-Link, taking swift action, enlisted the cybersecurity firm Trend Micro to investigate the incident. Interestingly, they refuted several inaccuracies and exaggerations, asserting that the breach impacted approximately 700 “outdated and fragmented” records. This stands in stark contrast to the assertion that millions of user data had been taken. Furthermore, the company suspects that the latest login timestamps were intentionally manipulated to make the outdated data appear recent.
Significantly, the breach resulted from an employee inadvertently falling victim to a phishing attack. Nonetheless, specific details of the attack were not disclosed. D-Link is now taking proactive steps to bolster the security of its operations.
Importantly, the company stresses that this incident is unlikely to affect its current active customers.
Related stories: