D-Link breach exposes customer information

In a post on the dark web site BreachForums, the attacker claimed to have stolen 3 million customer records containing names, emails, addresses, phone numbers and login dates, including details of Taiwanese politicians and company CEOs. The threat actor also offered to sell stolen source code for D-Link's D-View network management software.

However, D-Link disputes the extent of the breach. In a support announcement, the company says the compromised system was an outdated D-View 6 system that reached end-of-life in 2015. It contained only around 700 inactive customer records that were at least 7 years old. D-Link believes the attacker tampered with login timestamps to exaggerate the recency of the data.

D-Link said it immediately shut down related servers and revoked user accounts, keeping only two for investigation. The company disconnected the test lab system from internal networks and is auditing old user data for deletion.

"Judging by the facts, we have good reasons to believe that most of D-Link's current customers are unlikely to be affected by this incident," it said.

D-Link says its current D-View 8 system has stronger security protections than the outdated D-View 6 system. Nevertheless, the breach highlights the risks of keeping outdated systems active and connected.

For customers worried about the potential impact, D-Link advises changing passwords and contacting customer support for more information.

Routers and other networking equipment are common targets for hackers. Last year, users of D-Link routers were targeted by MooBot software in an attempt to co-opt them into the Mirai botnet.

Yesterday, it was revealed that Cisco routers and other hardware running the IOS XE operating system are under active attack via a zero-day vulnerability that could allow attackers to take over the device remotely. A patch for the flaw has still not been made available, and Cisco is urging customers to block all external access to the web UI until a fix is ready.