
A threat actor has claimed a data breach of the tech giant Dell, supposedly accessing thousands of employee emails linked to Facebook, Steam, and other social media accounts. However, an aura of skepticism surrounds the supposed leak. The company says attackers are peddling old data.
- Attacker claims access to over 5,000 Dell records including emails and passwords.
- Cybernews researchers found likely fake email formats in the sample data, suggesting the breach size is exaggerated.
- The attacker uses the moniker ShinyCorporation and posted via a newly created data forum account.
- If confirmed, the leak could allow criminals to conduct targeted phishing attacks against Dell employees.
Attackers announced the alleged data breach on a popular data leak forum, used to share and sell often illegally obtained data. The exposed database supposedly contains over 5,000 sensitive records.
“Today, we announce to you that we have gained access to a DELL database,” reads the attackers’ post.
According to the cybercriminals, they’ve managed to get their hands on several thousand records, which include:
- Emails
- IP addresses
- Passwords
- Lists of internal URLs
The exposed emails, attackers would like us to believe, belong to over 2,000 Dell employees, including those with linked social media accounts, namely Twitter (now better known as X), Steam, and Meta’s Facebook.
We have reached out to Dell for comment and the company replied saying it is aware of the situation. A subsequent investigation revealed that attackers are likely pushing old data.
“Our analysis of the posted data indicates it was taken from publicly-available information on the Dark Web. We have not identified any risks to our environment or data from these claims,” Dell's media relations team said.
What were the attackers saying?
Meanwhile, the Cybernews research team looked into the attackers’ claims. According to our team, the data sample attached to the post included 21 emails, allegedly from Dell employees. However, at least four of these appear to be fake, due to an atypical format.
“This suggests that the amount of contact info present may be exaggerated,” our researchers explained.
However, other emails in the sample could be legitimate. If confirmed, this would create several cybersecurity risks for Dell and its employees. For one, attackers could cross-reference emails with social media accounts, enabling them to conduct highly targeted phishing attacks.
“At the same time, leaked IPs could be used for infrastructure reconnaissance. Moreover, if the internal URLs mentioned are real, they can be utilized for reconnaissance. There is also a risk of exposing source code and internal business operations,” our team explained.
Having said that, the attackers' post itself is somewhat suspicious. Small data samples and the presence of likely fake data are not the only notable points. Another one is the attackers’ moniker – ShinyCorporation.
ShinyHunters, LAPSUS$, and Scattered Spider are among the most dangerous cybercrime collectives in recent memory, and the post’s author could be banking on the recognizable name to attract attention.
The data leak forum account appears to have been created recently, with the Dell data leak being the only post made by the account. However, popular accounts often get suspended, or their owners switch from account to account for operational security reasons.
Being one of the largest tech companies on the planet, Dell is often on hackers’ radar. In July 2025, cybercrooks succeeded in breaching Dell’s Customer Solution Centers platform.
The American tech giant notified users of an incident involving sensitive user data in 2024, as well. Names, physical addresses, and Dell hardware information were exposed in the 2024 Dell data breach.
Updated on January 15th [07:30 a.m. GMT] with a statement from Dell.
Updated on January 13th [03:30 a.m. GMT] with a statement from Dell.