Acer confirms data breach. Get the latest updates on this cybersecurity incident and safeguard your information. Acer is facing a serious data breach after a hacker posted a 160GB dataset of the company’s confidential files on a hacking forum. The data was allegedly stolen in mid-February and includes private slides and presentations, staff technical manuals, Windows imaging format files, binaries, backend infrastructure details, replacement digital product keys (RDPK), and more.
Acer’s spokesperson confirms the breach
Acer, a Taiwanese multinational computer hardware and electronics company, has confirmed that it was hit by a data breach. The company suffered a cybersecurity incident in mid-February 2023, but it assured its customers that no personal data was stolen. The hackers accessed the company’s internal document server used by repair technicians. The hackers have offered to sell the data for a cryptocurrency known as Monero.
The hacker identifies himself as Kernelware on a popular cybercrime forum BreachForums and claims to have stolen 160 GB of Acer’s sensitive information. The hacker has posted a sample of the stolen data on the site, which includes confidential in-house slides and presentations, technical manuals, Windows imaging format files, binaries, replacement digital product keys (RDPK), backend infrastructure data, and product model documentation for various devices. The hacker is offering to sell the data for XMR, the hard-to-trace cryptocurrency Monero.
This is not the first time that Acer has been hit by a security incident. In March 2021, the company was attacked by ransomware gang REvil, which demanded a record-breaking $50 million from Acer to decrypt computers and avoid publicizing the hack on a hacking forum. In October 2021, Acer was hit by another hacking group called Desorden. The hackers gained access to the company’s after-sales systems in India and stole 60 GB of data, including customer records, login credentials for thousands of distributors and retailers, and corporate documents.
This data breach is another reminder of how important it is for businesses to implement robust cybersecurity protocols and policies. Moreover, companies should ensure that they conduct regular security assessments and employee training on cybersecurity practices. This will help them identify potential vulnerabilities and mitigate the impact of cyberattacks. It is also crucial for companies to be transparent with their customers and employees about the data breaches they experience. Otherwise, it will lead to a loss of trust and confidence in the brand. This can have a negative impact on the company’s reputation and profitability. In the aftermath of this incident, Acer must take immediate action to assess its systems and infrastructure, strengthen its cybersecurity protocols, and educate its employees on how to avoid cyberattacks.
The hacker’s post on BreachForums
The Taiwan-based hardware and electronics company Acer is in trouble again, with a hacker offering to sell 160 GB of stolen data on a well-known cybercrime forum. The hacker’s post claims that the data is sourced from Acer and includes confidential files like binaries, backend infrastructure, replacement digital product keys (RDPK), and more. It also supposedly contains information about Acer’s internal processes, including financial spreadsheets and audit communications. The hacker offered to sell the data in exchange for a price in privacy-oriented cryptocurrency Monero.
The hacker posted the offer on BreachForums, which is a popular platform where hackers advertise their data breaches and other hacking tools. It’s a successor to RaidForums, and in just a few months it’s become the go-to destination for cybercriminals. Its popularity is evident from the fact that known actors from RaidForums have moved over to it.
According to the ad, the stolen data consists of dozens of directories containing 160GB of files. It allegedly includes confidential presentations and staff manuals, technical issues, Windows imaging format files, and various other documentation. The hacker claimed that the data was stolen in mid-February and is available for sale to anyone who will pay a significant amount of money in Monero.
However, Acer isn’t taking the breach lightly. Despite confirming that the server was compromised, the computer manufacturer refused to comment on whether or not customer data was involved. It also said that the information in the leak could cause damage to Acer’s brand.
The data dump is a serious blow for Acer, which suffered from a devastating ransomware attack in 2021 and has a reputation for being lax on cybersecurity. It also had to deal with a hacking incident in India last year, when a group breached the company’s after-sales systems and stole 60GB of information.
The hackers behind the latest data breach claim to have gained access to Acer’s after-sales databases in India and Taiwan. The data they reportedly stole contains confidential information about the company’s employees, customers, and distributors. It also includes financial spreadsheets and other sensitive audit documents.
The hacker’s request for payment in Monero
A threat actor posted on a hacker forum that they had stolen 160GB worth of data from Taiwanese PC giant Acer and were offering it for sale. The data offered for sale allegedly contains a variety of confidential documents and technical information. The hacker claims to have taken the data from a server that hosted documents for repair technicians. The hacker stated that they had accessed the server in mid-February and made away with more than 2,869 files in 655 directories.
The hacker stated that they would only accept payment in the hard-to-trace cryptocurrency Monero. They requested potential buyers contact them via a message to determine if they are interested in buying the data. They also said that they would only sell the data through a middleman. Acer has confirmed that the server in question was hacked, but they have no proof that any consumer data was on the server at the time of the hack.
According to Bleeping Computer, the ad on the hacker forum claimed that the stolen data included “confidential slides / presentations, staff manuals, technical issues, Windows imaging format files, product model documentation for phones and tablets, binary files, backup information, disk images, replacement digital product keys, and BIOS-related info.” The seller has also released screenshots of technical schematics of the Acer V206HQL display, documents, and BIOS definitions as evidence of the stolen data.
Malicious actors behind the post claim that the leak dates back to February 2023, which points to a separate breach from one that took place in March of that year when Acer was hit by REvil ransomware and demanded $50 million in cryptocurrency in order to decrypt computers. However, the Cybernews research team has confirmed that sample data in the post contains files dated 2022, which could indicate a different breach.
In October of 2021, Acer suffered another data breach when hackers from the hacker group Desorden hacked after-sales systems in India and stole 60GB worth of data. The hackers reportedly leaked the login credentials of more than 10,000 customers, wholesalers, and retailers as well as internal business data.
Acer’s response
Acer has confirmed that it suffered a data breach after a threat actor posted 160GB of stolen information on a hacking forum. The Taiwanese computer giant said that the hacker accessed one of its document servers used by repair technicians. However, the company claims that the breach did not affect consumer data. The hacker, who goes by Kernelware, posted a large list of files on the hacking forum and offered them for sale in exchange for the cryptocurrency Monero.
The leaked information reportedly includes confidential slides and presentations, technical manuals, Windows Imaging Format files, binaries of various types, backend infrastructure details, software tools, product model documentation for tablets, laptops, and smartphones, ISO files, ROM files, Replacement Digital Product Keys, and other data. The hacker urged interested parties to private message him for more information. He claimed that the haul could be used to launch future attacks against Acer and its customers.
According to the security researcher at Bleeping Computer, the information that was hacked from Acer could be used to target small businesses and sell ransomware software in their networks. It could also give hackers access to the email addresses and names of small business owners, which could be used for identity theft. It could also give attackers a foothold in the business’ network and create an entry point to attack other businesses in the same industry or geographic area.
Although the data leak does not contain any customer information, it is a serious issue for Acer. This latest incident may damage the company’s reputation and make consumers think twice about purchasing its products. It is also a reminder of the need to improve cybersecurity protocols and practices at all levels of a business.
While most businesses focus their attention on protecting their customers’ information, there is a more subtle danger in having confidential corporate data fall into the wrong hands. The situation with Acer highlights the need for companies to develop better strategies to protect their intellectual property and other proprietary information from cyberattacks. This will include strengthening employee training and implementing stricter IT controls.
