[BreachExchange] Hackers just stole personal data from millions of Acer customers

Fri Oct 15 09:25:06 EDT 2021

https://www.digitaltrends.com/computing/acer-was-hacked-again-lost-personal-data-of-millions/

Acer has just confirmed that its servers were beached by a group of hackers
called Desorden. The hackers managed to steal over 60 gigabytes worth of
data containing sensitive information about millions of Acer’s customers.

The compromised information includes the names, addresses, and phone
numbers of several million clients, but also restricted corporate financial
data.

The hack was recently reported by the hackers themselves and was later
confirmed to be true by Acer. Desorden has managed to breach Acer’s servers
in India and obtain massive amounts of data. The data consists of both
consumer and corporate accounts. According to Desorden, the “affected
customer data are in the millions.”

As proof of the data breach, the hacker group published over 10,000
accounts of private customer data. The remaining data will be put for sale,
and the post has already gathered some interest from potential buyers. The
hackers haven’t made it clear whether they wish to sell the data on the
underground market, or they simply want Acer to pay a ransom for it.

According to Acer, the company has immediately instated security measures
and performed a full scan of its systems. The attack affected Acer’s local
after-sales service system in India. The company has then started notifying
all potentially affected customers. In a statement made to Privacy Affairs,
Acer claims that this incident will have no impact on its business
continuity. That is most likely true, but it’s certainly bad timing for the
brand, as this is the second major data breach it suffered just this year.

Earlier this year, Acer’s servers fell victim to a ransomware attack
conducted by the hacking group called REvil. The stolen data was all
sensitive, including bank balances, bank communications, and other
financial information.

REvil demanded $50 million paid in XMR (a cryptocurrency) as a ransom for
the stolen data. Acer hasn’t commented on the situation beyond admitting to
“abnormal situations being observed” during the time of the attacks. This
data breach was, in fact, the largest known ransom demand to date.

Aside from the two hacking incidents, it has been a successful year for
Acer. The company has recently started selling laptops with Windows 11
pre-installed, and it was among the first brands to do so. It’s also
getting ready to start selling what might potentially become the best
gaming monitor ever, the Acer Nitro XV2.

One data breach is bad enough, but to suffer from a second one in the same
year is a true disaster for Acer. Even more so, it’s a disaster for its
customers. Unfortunately, companies of Acer’s caliber are often under
attack, and it seems that in 2021, at least two of these attempts were
successful. It’s definitely a sign that a tightening of security measures
might be necessary for Acer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211015/275d4e97/attachment.html>