Acer Hacked – Private Data of Millions of Clients Sold on Hacker Forum
Hacker group Desorden announced today on a popular hacker forum that it has hacked and breached the Taiwanese multinational hardware and electronics company Acer.
On a forum post today – 13 October – the hacker group Desorden announced that it had hacked and breached the Indian servers of Acer.
This alleged breach affected acer.co.in – the Indian subsidiary of the Taiwanese manufacturer.
The hackers claim to have stolen 60 GB of data and databases from Acer servers. The stolen data includes customer information, corporate data, sensitive accounts, and financial and audit data.
Update: In a statement given on 14 October to Privacy Affairs, Acer confirmed that its Indian servers have been breached by hackers.
Privacy Affairs was the first outlet to break the story on October 13. We reached out to Acer for comments.
Acer spokesperson Steven Chung gave the following statement to Privacy Affairs:
“We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team and has no material impact on our operations and business continuity.”
Highlights
- Hacker group Desorden claims to have breached Acer India
- Private data of several million clients affected – includes name, address and phone numbers
- Hackers are selling sensitive corporate financial and audit data
- Released data appears to be real and authentic
- Data includes login details of Acer retailers and distributors
Update: The released data includes login details of Acer retailers and distributors from India.
According to the hackers, the breach affects the data of several million Acer customers, mostly from India.
Desorden group claims that it will give Acer management the right to verify the data to prove that this breach was real and the data is authentic.
Privacy Affairs has analyzed the data publicly released by hackers. We have found customer data that appears to be accurate and genuine after contacting multiple affected individuals from the released data.
Private data of more than 10,000 individuals was released for free, and as a sample, and from here, we managed to confirm the identity of several listed individuals.
The hackers claim that the sensitive data of several million more Acer customers will be released for a fee.
The breach appears to have taken place on October 5th. That is the last date with up-to-date information available in the leaked databases.
It is unclear how the hackers have managed to obtain the allegedly stolen data.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Second Major Attack in 2021
This event marks the second successful cyberattack against Acer. Earlier in 2021, Acer suffered a major ransomware attack carried out by the now infamous REvil ransomware operation.
At the time, cybercriminals demanded $50 million in ransom from the company. Initially, Acer refused to either confirm or deny this attack.
Desorden is a known hacker group that has carried out several known cyberattacks in the past.
The most recent one was on September 23, when the group claimed to have stolen more than 200 GB of data from the Malaysian division of ABX Express Enterprise.
At the time of the previous attack, Desorden Group commented the following on their activities:
“Desorden attacks on supply chains create a higher level of disorder & chaos affecting many parties rather than the victim itself. If the victim fails to pay, Desorden sells the data on the black market in a few days.
The group seems to be a high-profile seller of hacked data on the respective dark web hacker forum. This new data breach is already the third major one claimed by the group just this month.
A few days ago, the same account posted an announcement claiming to have breached SkyNet.com.my Malaysia Logistics and released the personal data of millions of clients.
Yet another one was a breach against the Singapore division of the recruitment and HR company ProTempts.
