"D-Link Says Hacker Exaggerated Data Breach Claims"

D-Link has recently launched an investigation after a hacker offered to sell information allegedly stolen from one of its networks and has determined that the claims are exaggerated.  On October 1, a user of the new BreachForums cybercrime website claimed they had breached the internal network of D-Link in Taiwan, which gave them access to a database storing the information of 3 million customers, as well as source code for the D-View network monitoring product.  The company noted that the hacker claimed to have stolen 1.2 GB of data, including names, email addresses, postal addresses, phone numbers, and the time and date of the last login, and offered to sell the files for $500.  D-Link said it learned of the hacker forum post on October 2 and hired Trend Micro to assist with its investigation.  The probe has been completed, and the networking equipment maker has confirmed suffering a data breach but described the hacker’s claims as inaccurate, exaggerated, and misleading.  The company noted that the data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015.  The data was used for registration purposes back then.  The company noted that so far, no evidence suggests the archaic data contained any user IDs or financial information.  However, some low-sensitivity and semi-public information, such as contact names or office email addresses, were indicated.  D-Link said the attacker gained access to its systems after an employee fell victim to a phishing attack.  The company pointed out several exaggerations and inaccuracies in the hacker’s post.  D-Link claims that only 700 records were actually compromised, not 3 million, and noted that the hacker may have altered the login timestamps to make the data look more recent than it actually is.

SecurityWeek reports: "D-Link Says Hacker Exaggerated Data Breach Claims"