D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack
18.10.23 Phishing The Hacker News
Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is "low-sensitivity and semi-public information."
"The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015," the company said.
"The data was used for registration purposes back then. So far, no evidence suggests the archaic data contained any user IDs or financial information."
The development comes more than two weeks after an unauthorized party alleged to have stolen the personal data of many government officials in Taiwan as well as the source code for D-Link's D-View network management software in a post shared on BreachForums on October 1, 2023.
D-Link, which roped in cybersecurity firm Trend Micro to probe the incident, cited numerous inaccuracies and exaggerations, stating that the breach led to the compromise of roughly 700 "outdated and fragmented" records, contrary to claims that millions of users' data had been siphoned.
"We have reasons to believe the latest login timestamps were intentionally tampered with to make the archaic data look recent," it noted.
It also said the breach happened as a result of an employee inadvertently falling victim to a phishing attack, and that it's taking steps to enhance the security of its operations. The exact details of the attack were not disclosed.
The company further emphasized that its current active customers are unlikely to be impacted by this incident.