Acer Data Breach Sees Millions of Customers' Data Sold
Table of Contents
- By Dawna M. Roberts
- Published: Oct 27, 2021
- Last Updated: Mar 18, 2022
A massive security breach on Acer's servers resulted in the loss of critical internal business information belonging to millions of customers. Acer India's after-sales support systems appear to have been directly impacted by the incident.
What Happened in the Acer Data Breach?
The hacker group Desorden has claimed the current attacks on Acer India's servers that occurred on October 5th. Customer information, company data, sensitive accounts, financial, and audit data are among the 60 GB of data stolen, according to the group. The login information for Acer's Indian retailers and distributors was also included.
As proof, the group supplied a video that shows the stolen files and databases, as well as releasing a sample of 10,000 customers' data for free. They've even stated that Acer will be granted the authority to confirm the breach's validity and the information contained within.
Desorden Group is a well-known hacker group that has previously carried out several well-publicized cyberattacks. They breached the Malaysian division of ABX Express Enterprise, a courier service based in Selangor, in September, stealing more than 200 GB of data.
How did Acer respond?
Acer confirmed that its Taiwan-based servers had been compromised after hackers revealed details about the incident to Privacy Affairs, the platform that first broke the story. Acer’s spokesperson, Steven Chung responded with the following statement to Privacy Affairs.
“We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity.”
The publication reported that this is the Taiwanese multinational's second significant cyberattack this year.
Which Customers are Affected?
According to the hackers, the breach affects the data of several million Acer customers, mostly from India. Privacy Affairs had a look at the publicly available data of 10,000 individuals and could contact affected persons to establish identity. However, the hackers also claimed that the sensitive data of millions of Acer customers will be released for a fee. They proceeded to sell the stolen data, rather than convincing Acer to comply with their demands as they did not pay up the first time, reports Privacy Affairs.
Who is the Desorden hacking group?
Desorden Group is a well-known hacker group that has previously carried out several publicized cyberattacks. They breached the Malaysian division of ABX Express Enterprise, a courier service based in Selangor, in September, stealing more than 200 GB of data.
They issued a statement at the time of the previous attack, saying:
“Desorden attacks on supply chains create a higher level of disorder & chaos affecting many parties rather than the victim itself. If a victim fails to pay, Desorden sells the data on the black market in a few days.”
According to Privacy Affairs,
"The group is recognized on respective hacker forums as a high-profile seller of hacked data. They have also taken responsibility for the breach against another local carrier SkyNet.com.my Malaysia Logistics and the Singapore division of recruitment and HR company ProTemps."
The Acer data breach is already the third major one claimed by the group just this month and the second attack Acer has experienced this year.