API abuse

A threat actor scraped 49 million Dell customer purchase records by abusing a partner portal API, exposing names, addresses, and hardware purchase details.