Acer confirms server intrusion after miscreant offers 160GB cache of stolen files
Customer info safe, or so we're told
Acer has confirmed someone broke into one of its servers after a miscreant put up for sale a 160GB database of what's claimed to be the Taiwanese PC maker's confidential information.
"We have recently detected an incident of unauthorized access to one of our document servers for repair technicians," an Acer spokesperson told The Register on Tuesday. "While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server."
According to a Monday post on cyber crime hangout BreachForums by a rapscallion going by the name Kernelware, the "various confidential stuff" allegedly stolen from Acer totals 160GB, including 655 directories and 2,869 files.
We have recently detected an incident of unauthorized access to one of our document servers for repair technicians
Kernelware claimed the stolen goods included confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files.
"Honestly, there's so much shit that it'll take me days to go through the list of what was breached lol," Kernelware bragged.
The thief said they will only accept Monero cryptocurrency as payment for the haul, and will only sell via a middleman. There's no asking price – though there's a note telling prospective buyers to private message with offers.
Acer didn't respond to The Register's questions about the nature of the stolen data, nor whether it had verified the leaked information.
Even if the crook didn't steal customer information, the data dump could still cause the computer maker damage, according to Erich Kron, security awareness advocate at KnowBe4.
"Not all data breaches need to contain personal information about customers or employees, or financial information such as credit cards, to be a concern," Kron told The Register. "In this case Acer is potentially looking at the release of some of its intellectual property and potentially sensitive company documents."
- Acer servers cracked in India and Taiwan – including systems with customer data
- Dish: Someone snatched our data, if you're wondering why our IT systems went down
- Telus source code, staff info for sale on dark web forum
- US Marshals Service leaks 'law enforcement sensitive information' in ransomware incident
This type of proprietary and technical information about corporate procedures and products can be a boon to competitors and criminals alike, he added. "In the very competitive world of electronics and technology, this information can be very valuable to competitors, and the technical information may be very valuable to bad actors wishing to create exploits targeting the victims' products."
The latest breach follows a couple of security snafus in 2021. In March, the PC giant was one of REvil's victims and the infamous ransomware gang demanded $50 million.
Later that same year, Acer admitted servers it operates in India and Taiwan were compromised by the Desorden gang, and that the breached systems in India contained customer data. ®