So, they stole barely anything better than public information. I guess if you really wanted to, you could use the info to target a specific person with a known zero-day, since you know what hardware they potentially have, but not really something the average person should be worried about.
It’s interesting that it was so easy to do, though, and I hope Dell audits any other APIs they provide.
My takeaway is targeted scam calls. You take the name and address, look up their phone number, and now you have very specific information to craft a credible scam warranty call or something with.
So, they stole barely anything better than public information. I guess if you really wanted to, you could use the info to target a specific person with a known zero-day, since you know what hardware they potentially have, but not really something the average person should be worried about.
It’s interesting that it was so easy to do, though, and I hope Dell audits any other APIs they provide.
My takeaway is targeted scam calls. You take the name and address, look up their phone number, and now you have very specific information to craft a credible scam warranty call or something with.
“We’re calling about your monitor’s extended warranty…”