Once they gained access to the portal, Menelik told BleepingComputer they had created a program that generated 7-digit service tags and submitted them to the portal page starting in March to scrape the returned information.

As the portal reportedly did not include any rate limiting, the threat actor claims they could harvest the information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.

https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/