Acer data breach allowed hackers to access data of millions of customers

Multinational electronics company Acer has suffered a data breach in which hackers stole over 60GB of data. The data allegedly includes corporate and financial data, as well as the names and addresses of millions of customers. The data breach primarily affects Indian customers, since the breach originated from the post-sales service system in India. 

Desorden, the hacker group who attributed themselves to the breach, posted proof of the data breach on an online forum. Desorden wrote that the stolen files include “customer, corporate, accounts and financial data.” According to Desorden, the data stolen affects millions of customers. 

The hacker group released a video sample as evidence, showing files containing records of 10,000 customers and the credentials of over 3000 acer retailers. Desorden is reportedly now looking for buyers to sell the stolen information to. The group made reference to the REvil attack on Acer earlier this year, but did not make it clear whether they were looking for Acer to pay them or if they would sell the information regardless. 

"Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India" an Acer spokesperson told BleepingComputer. The Indian Computer Emergency Response team has been alerted of the attack, as well as local law enforcement in India. The hackers revealed that they no longer had access to the server, stating “Acer is a global network of vulnerable systems. We no longer have access to their India servers.”  

Acer has contained the issue and is now contacting those affected by the breach. Even so, it sparks concern as this is the second time this year Acer has been targeted by a high-profile data breach. 

Second Acer Data Breach This Year 

In the forum post by Desorden, they reference another data breach that occurred earlier this year when Acer was targeted by an REvil ransomware attack. 

In March of this year, ransomware group REvil targeted Acer with their highest ransom at the time. REvil announced that they had breached Acer, and provided evidence showing private financial documents. REvil set the ransom at $50 million, the highest ransom that had ever been seen at that point. REvil also offered Acer a discounted ransom of $42 million if they paid up by a certain deadline. 

The REvil group allegedly exploited vulnerabilities in Microsoft Exchange to steal Acer’s private data. It is not known whether Acer ended up paying the ransom to REvil, however it is believed that they did not. This is perhaps why the Desorden group have gone straight to attempting to sell the data in underground markets.