This article is more than 1 year old

Acer servers cracked in India and Taiwan – including systems with customer data

Gang says it grabbed internal info, could do the same to Acer elsewhere

Taiwanese PC maker Acer has not only admitted servers it operates in India and and Taiwan were compromised but that only those systems in India contained customer data.

The miscreants who claimed to be behind the network breaches boasted they stole gigabytes of information from the servers, and suggested other Acer operations around the world are also vulnerable to information theft.

Acer issued the following statement this week about the affair:

We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity.

An entity that calls itself Desorden Group – Desorden is Spanish for disorder – claimed it conducted both attacks. In posts to the notorious RAIDforums, the crew said it swiped 60GB from Acer India, which included "customer, corporate, accounts, and financial data." The gang also leaked login details that retailers and distributors in India use to access Acer systems as well as some customer records to support its boasts.

In a video seemingly revealing some of this stolen data, Desorden also stated it has over 900,000 database records describing individual Acer customers plus "corporate, financial, [and] audit" data. The video, viewed by The Register, shows rows of a spreadsheet that list addresses in Malaysia as well as India.

Desorden also claimed responsibility for the attack on Acer Taiwan, alleging it accessed product information and employee data.

The post claiming responsibility for the Taiwan attack also revealed Desorden's motives.

"To prove our point that Acer is a global network of vulnerable servers, we have hacked and breached Acer Taiwan," the post stated. "We did not steal all data, and only took data pertaining to their employee details. Right after the breach, we informed Acer management on the Taiwan server breach and Acer has since taken the affected server offline."

The crew said "a few other" Acer outposts are also vulnerable, and named Malaysia and Indonesia as those at risk.

The security breaches follow a March 2021 incident that saw Acer fall victim to the REvil ransomware.

Desorden appears to be trying to make the point that Acer needs to harden up, and that shaming it into doing so with repeated attacks has become necessary. ®

More about


Send us news

Other stories you might like