Posted on March 8, 2023 at 9:39 AM
Acer confirms a breach after 160GB of data was auctioned on a hacking forum
Acer, one of the largest computer companies based in Taiwan, has been the victim of a data breach. The breach happened after hackers gained unauthorized access to a server hosting private documents that were used by repair technicians. The breach adds to the long list of hacking incidences that Acer has suffered in the past.
Acer confirms a data breach
The computer giant has said that it was conducting an investigation into this breach. It noted that the results of the probe have not indicated that the breach had any effect on customer data.
Acer confirmed this hack after the threat actor behind this breach claimed that they had access to a variety of data stolen from Acer. Part of the data that was stolen by the threat actor includes the technical manuals, software tools, backend infrastructure details, and product model details for devices such as phones, tablets, laptops, BIOS images, ISSO files and ROM files.
The threat actor also took measures to show proof that they stole the data from the computer giant. The hacker shared screenshots of the technical details of the Acer V206HQL display, BIOS descriptions, documents and other confidential details that could only be known by someone with close knowledge of the system.
The hacker that posted this data clarified that they would sell all the stolen details to those who placed the highest bid. The threat actor also said that they would only accept payments in Monero (XMR), a cryptocurrency that is extremely hard to trace.
Acer has noted that the company’s systems were indeed infiltrated by a threat actor. A spokesperson from the company noted that the breach happened in one of the servers belonging to the company, adding that the breach likely originated from repair technicians.
“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” the company said. “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.”
Acer has suffered similar security incidents in the past
It is not the first time that Acer is suffering from a security breach that has resulted in customer data being stolen. Similar security breaches have been reported by the company in the past, with the hackers usually being driven by financial motivation.
In March 2021, Acer was targeted by the REvil ransomware group that demanded a ransom payment of $50 million. The hackers demanded this payment in exchange for getting a decryptor. The company also threatened to leak confidential financial documents about the company if this payment was not made.
At the time, the REvil ransomware group announced that they had breached the Acer systems and even shared some of the images of these stolen files as proof of their activity. These leaked documents included the financial spreadsheets, bank balances and bank communications, which was sensitive data for the company.
In October of 2021, Acer suffered yet another data breach. At the time, the computer giant announced that its after-sales systems situated in India were targeted by a threat actor group known as Desorden. This threat actor group stole more than 60GB of data from the company servers. The stolen data included the records pertaining to tens of thousands of customers, retailers and distributors.
After this breach was detected, Acer said that it commenced the security protocols and completed a full scan of its systems. The company also notified all the customers that were potentially affected in India. It also reached out to law enforcement and the Indian Computer Emergency Response Team to report the breach.
The data stolen by the threat actor includes data belonging to clients, corporate and the company’s finances. The hackers also obtained the login information of the retailers and distributors of Acer situated in India.
The hacker also shared proof at the time pertaining to the breach they had conducted. The proof included a video showing the stolen files and databases. The hacker also accessed the records belonging to 10,000 customers at the computer giant and had access to the login credentials of 3000 Acer distributors and retailers situated in India.
During the same week, the Desorden threat actor group targeted Acer two times. In the second instance, the company breached Acer systems and accessed and stole employee information. the stolen data included the login credentials of these employees, which further jeopardized the company’s security, and could cause more harm to the attackers.