Earlier this month, a website called "World Leaks" (World Leak)'s new ransomware gang has hacked into one of Dell's product demo platforms and is now trying to blackmail the company into paying a ransom. Dell officially acknowledged the incident and confirmed that threat actors had breached itsCustomer Solution Centerplatform, which is used to showcase Dell products and solutions to customers.

Dell said: "A threat actor recently gained access to our Solutions Center, which is designed to demonstrate our products and test proof-of-concepts for Dell's commercial customers. It is intentionally isolated from customer and partner systems and Dell's network, and is not used to provide services to Dell customers."

The data used by Solution Center is primarily synthetic (fake) data, publicly available data sets used only for product demonstration purposes or Dell scripts, system data, non-sensitive information, and test output. Based on our ongoing investigation, the data obtained by the threat actors is primarily synthetic, publicly available, or Dell system/test data.

World Leaks stole data from the environment during the attack, which is believed to be synthetic test data used in product demonstrations and trials. While threat actors may have believed it contained valuable data as it contained sample medical data and financial information, the data was reportedly completely fake. The only legitimate data stolen in this attack was a very outdated contact list.

Dell's Customer Solutions Center is walled off from Dell's other customer-facing networks and internal systems, and customers have been repeatedly warned not to upload private data to the lab.

Because the breach is still under investigation, Dell will not disclose this information. When asked about the ransom demand, Dell said he had no further information to disclose.

World Leaks is a rebranded version of Hunters International ransomware that shifted its focus from file encryption to pure data extortion.

Hunters International launched as a ransomware operation in late 2023 and was flagged as a possible rebrand of Hive due to similar code.

Since then, threat actors have launched more than 280 attacks against organizations around the world.

In January 2025, Hunters International changed its name to World Leaks, citing concerns that ransomware was no longer profitable and risky. Instead, threat actors are now focused on leveraging customized data exfiltration tools to steal data in ransomware attacks.

Since its inception, World Leaks has published data from 49 organizations on its data breach website. They have not yet published Dell's data. Its affiliates have also been linked to recent exploits of SonicWall SMA 100 devices, where threat actors installed a custom OVERSTEP root kit.

Yutaka Sejiyama, a threat researcher at Macnica, revealed that 10 of the 46 companies listed on the World Leaks data breach website used SMA 100.