Acer confirms server intrusion after miscreant affords 160GB cache of stolen information

Acer has confirmed somebody broke into one in all its servers after a miscreant put up on the market a 160GB database of what is claimed to be the Taiwanese PC maker’s confidential info.

“We’ve got just lately detected an incident of unauthorized entry to one in all our doc servers for restore technicians,” an Acer spokesperson advised The Register on Tuesday. “Whereas our investigation is ongoing, there’s presently no indication that any shopper information was saved on that server.”

In line with a Monday publish on cyber crime hangout BreachForums by a rapscallion going by the identify Kernelware, the “numerous confidential stuff” allegedly stolen from Acer totals 160GB, together with 655 directories and a couple of,869 information.

We’ve got just lately detected an incident of unauthorized entry to one in all our doc servers for restore technicians

Kernelware claimed the stolen items included confidential slides and shows, workers technical manuals, Home windows Imaging Format information, binaries, backend infrastructure information, confidential product paperwork, Substitute Digital Product Keys, ISO information, Home windows System Deployment Picture information, BIOS elements, and ROM information.

“Actually, there’s a lot shit that it will take me days to undergo the listing of what was breached lol,” Kernelware bragged. 

The thief mentioned they may solely settle for Monero cryptocurrency as cost for the haul, and can solely promote through a intermediary. There isn’t any asking value – although there is a word telling potential consumers to personal message with affords.

Acer did not reply to The Register‘s questions concerning the nature of the stolen information, nor whether or not it had verified the leaked info.

Even when the criminal did not steal buyer info, the information dump might nonetheless trigger the pc maker injury, in accordance with Erich Kron, safety consciousness advocate at KnowBe4.

“Not all information breaches have to include private details about clients or staff, or monetary info similar to bank cards, to be a priority,” Kron advised The Register. “On this case Acer is probably trying on the launch of a few of its mental property and probably delicate firm paperwork.”

This kind of proprietary and technical details about company procedures and merchandise is usually a boon to rivals and criminals alike, he added. “Within the very aggressive world of electronics and know-how, this info may be very invaluable to rivals, and the technical info could also be very invaluable to unhealthy actors wishing to create exploits concentrating on the victims’ merchandise.”

The most recent breach follows a few safety snafus in 2021. In March, the PC large was one in all REvil’s victims and the notorious ransomware gang demanded $50 million.

Later that very same 12 months, Acer admitted servers it operates in India and Taiwan have been compromised by the Desorden gang, and that the breached programs in India contained buyer information. ®