Acer Confirms It Was Hacked Again As Culprits Flaunt 60GB Of Stolen Customer Data
For at least the second time in 2021, hackers have breached Acer's servers, this time plundering more than 60 gigabytes of data. Acer has confirmed that names, addresses, and phone numbers belonging to several million clients have been compromised in the breach, as well as sensitive corporate financial and audit details.
If nothing else, this is certainly bad optics for Acer, which earlier this year was on the receiving end of a massive $50 million ransomware campaign. As proof of the data theft, the ransomware gang posted a bunch of stolen files on the REvil website, including financial spreadsheets, bank balances, and bank communications.
It was never made clear if this was partially the result of Microsoft Exchange vulnerabilities that had been used before then by Chinese hackers.
In any event, now several months latest, hacking group Desorden said it has infiltrated Acer's servers in India and swiped data relating to "millions" of customers.
"We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems," Acer said in a statement to Privacy Affairs.
"We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity," Acer added.
The hacking group published private data belonging to more than 10,000 customers, both as a sample of what it is offering for sale, and as proof that it is in possession of sensitive customer details. All the rest will purportedly be offered up for sale, though it's not clear if the group is seeking a ransom from Acer, or intends to sell it in the underground market.