Corporate data breach: D-Link responds promptly

Popular Taiwanese networking equipment company D-Link has confirmed a data breach linked to a recent incident in which sensitive information was stolen and subsequently offered for sale on BreachForums.

The company responded promptly to the breach

D-Link responded quickly to the breach by shutting down potentially affected servers and disabling all but two user accounts. According to D-Link, the breach occurred due to an employee falling victim to a phishing attack, which gave the attacker access to the company's network.

The compromised system was obsolete

D-Link clarified that the compromised system was part of a "test lab environment" and was based on an outdated D-View 6 system that reached end of support in 2015. The fact that an outdated server remained accessible in D-Link's network for seven years is still under investigation.

The actual size of the data theft is smaller

Contrary to the threatening actor's claims that it had stolen the data of millions of users, D-Link revealed that the compromised system contained approximately 700 records, all of which had been dormant for at least seven years. This data came from a product registration system that had reached the end of its operational cycle in 2015. D-Link suspects that the threat actor manipulated recent access timestamps to create the illusion of a more recent data theft. The company also reassured customers that the majority of user data consisted of low-sensitivity and semi-public information, thus minimizing the impact on customers.