Posted on October 18, 2021 at 12:14 PM
Desorden, a renowned hacking group, has announced that it has successfully hacked Acer, a leading multinational hardware and electronics firm based in Taiwan. The hacking group announced the breach through a popular hacker forum.
A forum post on the hacking forum on October 13 stated that the hacking group had breached the Indian servers belonging to Acer.
Breach on Acer’s Indian Subsidiary
The breach on Acer happened on the Indian subsidiary server of the Taiwanese manufacturing firm. The post on the hacking forum states that the hackers had stolen around 60 GB of data and databases from the Acer servers.
The stolen data shows that the details stolen during this breach include customer details, corporate data, and other sensitive accounts. Financial and audit data was stolen.
A statement by Acer on October 14 confirmed that the breach on its Indian servers had indeed happened. The report of this hack was first reported by Privacy Affairs on October 13. A statement confirming the breach by Steven Chung, an Acer spokesperson, stated that they had recently detected and isolated the attack detected on the firm’s after-sales service system in India.
“Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team and has a material impact on our operations and business continuity,” the Acer statement read.
The released data concerning this attack further showed that the hackers had accessed the login details of retailers and distributors of Acer in India. The statement by the hackers further shows that the breach compromised the data of millions of Acer customers. The largest number of affected customers were those based in India.
The hacking group also stated that it would give Acer’s management a chance to verify the data and prove that the breach had occurred and that the acquired data was authentic. The data has also been analyzed by cybersecurity firms who have agreed that it is authentic.
The report by Privacy Affairs stated that the publicly posted data in a public forum was authentic. Besides, the report also states that the customer data was accurate and genuine. The data was also verified after some of the affected individuals in the leak verified that their details were posted.
The hacking group released data belonging to over 10,000 individuals for free. The data was also to be used as a sample for Acer and cybersecurity firms to confirm the identity of the listed individuals and confirm that the data was authentic.
However, the hackers have stated that they still have millions of data belonging to Acer customers yet to be released. However, the remaining portion of data will only be released at a fee.
Details show that the data was breached on October 5. The leaked information shows that the last date contained in the leaked data was October 5. It is still a mystery how the hackers gained entry into Acer’s systems and how they could access the stolen data.
Second Acer Attack in 2021
This breach is the second successful cybersecurity attack on Acer. Towards the start of 2021, Acer was the victim of a major ransomware attack conducted by the popular REvil ransomware group. During this attack, cybercriminals demanded $50 million in ransom from Acer for the group to stop the attack. However, Acer has not denied or accepted that this attack happened.
Desorden hacking group is one of the most popular ones in the cybersecurity space. The hacking group is attributed to some of the most popular cyberattacks that have happened in the past.
Besides this attack, the group was also attributed to another breach on September 23. The group stated that it had compromised the systems of ABX Express Enterprise and that it had gained access to over 200 GB of data from the firm’s Malaysian division.
During the September 23 attack, the hacking group issued a statement saying, “Desorden attacks on supply chains create a higher level of disorder & chaos affecting many parties rather than the victim itself. If the victim fails to pay, Desorden sells the data on the black market in a few days.”
This hacking group is one of the most prolific ones in the hacking forum. The recent data breach is the third leading one that has been attributed to this group in October alone.
A few days before the Acer breach, the hacking group had issued a notice saying that they had successfully breached SkyNet.com.my Malaysia Logistics. The group stated that it had accessed personal data belonging to millions of clients. The group also hacked the Singapore division of ProTempts, an HR and recruitment firm.