Acronis downplays intrusion after 12GB trove leaks online
Cyber-thief said goal was to 'humiliate' data-protection biz
The CISO of Acronis has downplayed what appeared to be an intrusion into its systems, insisting that only one customer was affected, via stolen credentials, and that all other data remains safe.
A Thursday thread [PDF] on the notorious Breached Forums leak-mart brought news of the theft. In that post an attacker named Kernelware - who also cracked Acer - claimed they had broken into Acronis, and stolen then leaked certificate files, command logs, system configurations, system information logs, archives of their filesystem, Python scripts for an Acronis database, and backup configuration, plus oodles of screenshots of backup operations.
Kernelware stated that although the $120 million company is in the data protection and infosec business, it had “dogshit security,” and that the hacker was bored, so decided to “humiliate” the biz. The archive shared by Kernelware held a total of 12.2GB of stolen files.
Acronis security boss Kevin Reed took to LinkedIn to dispute details of the boasted intrusion.
Acronis has both tweeted and told The Register that no Acronis products were affected or exploited. Instead, someone got hold of an Acronis customer's account login info and used that to siphon off their files, we're told.
“On March 9, a post on BreachedForums mentioned Acronis. We immediately started the investigation,” a spokesperson for Acronis told The Reg via email.
“The investigation confirmed that no Acronis products were affected. However, based on the information we have, the credentials used by a specific customer to upload diagnostic data to Acronis Support have been compromised. We are working with that customer and have suspended account access as we resolve the issue.
“We continue to investigate and will provide updates if any new information is discovered,” the spinner added. ®