The Pakistan Telecommunication Authority has issued a cyber security advisory related to the D-Link data breach.
According to PTA advisory, D-Link, a Taiwanese networking equipment manufacturer, confirms a data breach due to a phishing attack. The attacker claims to have stolen D-View network management software source code and millions of personal data entries.
According to PTA, the attacker offered this D-Links stolen data and the source code for $500 on the dark web. D-Link disputes the claim of millions of records, noting around 700 outdated ones were affected.
According to PTA, the D-Link data breach resulted from an employee’s phishing attack. D-Link has taken measures to contain the incident, minimizing its impact on most customers.
D-Link provides networking solutions, routers, switches, routers, access points, USB, adapters, KVM switches, and IP phones in the Pakistani market. The PTA has asked government officials, the telecom sector, private companies & general public to take precautionary measures in this regard.
PTA has advised government offices, and telecom companies to maintain up-to-date systems with the latest security patches and educate employees on recognizing phishing and safe online practices. It has also asked to regularly back up critical data and test the restoration process.
PTA has asked government offices and telecom operators to deploy advanced endpoint protection for threat detection and implement email filtering and anti-phishing measures. It has also recommended conducting routine penetration testing and security assessments and carefully evaluating third-party vendors and software for strong security practices.