D-Link Suffers Data Breach Impacting Old Customer Information
Today, with a support announcement, D-link says on October 2nd, D-Link was notified that someone had posted on an online forum claiming to have stolen data from the company's D-View system, a discontinued monitoring tool for networking devices. As the company was notified about the claim, D-Link immediately launched an investigation into the incident and took precautionary measures.
The company found that while the claim of stealing millions of user records was exaggerated, around 700 outdated customer registration records were likely obtained.
According to the D-Link, the impacted data originated from an old version of the D-View software that was retired in 2015. It contained mostly low-sensitivity information like names, office email addresses, and registration details.
So far, no evidence suggests the archaic data contained any user IDs or financial information. However, some low-sensitivity and semi-public information, such as contact names or office email addresses, were indicated. - D-Link wrote
D-Link believes the breach occurred when an employee fell for a phishing attack, granting the attacker access. As soon as it learned of the incident, D-Link shut down related servers and strengthened account security. The company also audited and removed outdated user data to prevent future similar breaches.
Fortunately, D-Link says its current customers are unlikely to be affected since the stolen data was old and inactive. However, the company recommends users change shared passwords on other sites as a precaution.
While not a catastrophic breach, the incident highlights the need for companies to properly secure old systems and data. D-Link appears to be taking the right steps to lock down its network and safeguard customers following this breach.