D-Link, a Taiwanese manufacturer of networking devices, has admitted to a data breach in which, according to their own statements, “low-sensitive and semi-public information” was exposed.
The company clarified that this data did not originate from the cloud but likely came from an outdated D-View 6 system, which had reached the end of its lifecycle by no later than 2015. Originally, this data was used for registration purposes, and there is no evidence that it contained user IDs or financial information.
This revelation came more than two weeks after an unauthorized party claimed to have stolen the personal data of numerous government officials in Taiwan and the source code for D-Link’s D-View network management software. The claim was shared in a post published on BreachForums on October 1, 2023.
D-Link has enlisted the services of the cybersecurity company Trend Micro to investigate the incident. The company pointed out several inaccuracies and exaggerations, emphasizing that the breach compromised about 700 “outdated and fragmented” records, as opposed to claims that millions of user data were accessed. D-Link suspects that recent login times were intentionally manipulated to make the old data appear current.
The data breach was attributed to an employee who unwittingly fell victim to a phishing attack, although specific details of the attack were not disclosed. D-Link is taking measures to strengthen the security of its operations.
It is important to note that the company has emphasized that its current active customers are not expected to be affected by this incident.