Acer India’s servers were hacked by a group called Desorden who claim to have stolen over 60 GB of files and databases, Privacy Affairs reported on October 13.
Acer confirmed the breach in a statement to MediaNama:
As part of our security threat evaluations and system checks we have recently detected an isolated attack in early October 2021 on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. There was no financial information of Indian customers compromised but we are actively reaching out to any potentially affected customers.
The company spokesperson also added that the incident has been reported to the Indian Computer Emergency Response Team (CERT-In) and that Acer is devoting additional resources to strengthen its security infrastructure in India.
The is Acer’s second major cyberattack this year. In March, the Taiwanese hardware giant was hit by ransomware attack carried out by the REvil group. The group demanded $50 million, the highest known ransomware demand until REvil demanded $70 million from Kesaya. It is not known yet if Acer paid the ransom.
What data has been breached?
The hackers claim to have stolen customer, corporate, accounts, and financial data from the company. The customer data includes names, addresses, and phone numbers of millions of Acer’s Indian customers and the hackers have provided data of more than 10,000 individuals for verification purposes. “We have found customer data that appears to be accurate and genuine after contacting multiple affected individuals from the released data,” Privacy Affairs stated after verifying the sample data.
The stolen data also appears to include login details of Acer retailers and distributors from India, Privacy Affairs added.
Attack on Acer Taiwan as well
On October 16, Desorden group in an email to Privacy Affairs said that they also successfully attacked Acer in Taiwan and stole employee data.
“To prove our point that Acer is way behind in its cyber security effects on protecting its data and is a global network of vulnerable servers. We have hacked and breached Acer Taiwan server, storing data on its employee and product information.” – Desorden
The email added that Acer’s Malaysian and Indonesian servers are vulnerable as well.
The hacker group told DataBreaches.net that it did not make any separate ransomware demand for the Taiwan breach and that it has informed Acer to close the vulnerability, but it told Privacy Affairs that all its hacks are financially motivated. This suggests that the hackers may have demanded ransom for the Indian hack and let the Taiwan one slide.
On October 18, Acer confirmed the Taiwan breach with Privacy Affairs and said that no customer data was accessed in this breach and that the attack has been reported to relevant local authorities.
- Amazon’s Twitch Hit By Massive Data Breach, Entire Source Code And User Payout Info Leaked
- Text Message Routing Company Syniverse’s Data Breach And Why It Matters, Briefly Explained
- Microsoft Warns Users Of A Sophisticated PhaaS Operation. Here’s What We Know About It
- Tamil Nadu Government Hit By Cyber Attack For Second Time This Year, Raising Major Questions
Have something to add? Post your comment and gift someone a MediaNama subscription.