Taiwanese networking equipment maker D-Link has confirmed a data breach after a threat actor put up for sale on a cybercriminal forum what they claimed to be stolen source code for D-Link's D-View network management software and millions of entries containing users’ data.
An investigation determined that the exposed data was not from the cloud but likely originated from an old D-View 6 system, which reached its end of life in 2015. The company said it found no evidence that “the archaic” data contained any user IDs or financial information but it did include “some low-sensitivity and semi-public information,” such as contact names or office email addresses.
The vendor explained that the data breach was caused by a phishing attack on one of its employees. D-Link said it immediately terminated the services of the test lab and conducted a thorough review of the access control.
The company believes current customers are unlikely to be affected by the data breach.
