The CISO of Swiss cybersecurity agency Acronis has acknowledged a breach of the corporate’s techniques however acknowledged the incident solely impacted a single buyer and that each one different information stays secure.
A Thursday put up [PDF] to the infamous Breached Boards leak-mart introduced information of the breach. In that put up an attacker named kernelware – who additionally cracked Acer – claimed he/she had hacked and leaked certificates recordsdata, command logs, system configurations, system data logs, archives of their filesystem, python scrips for an Acronis database, backup configuration and oodles of screenshots of backup operations.
Kernelware acknowledged that though the $120 million firm is within the information safety and infosec enterprise, it had “dogshit safety” and the explanation for the breach was that the hacker was bored, so determined to “humiliate” them.
The archive posted by kernelware held a complete of 12.2 GBs value of recordsdata.
Acronis CISO Kevin Reed took to LinkedIn to dispute particulars of the hack.
Acronis LinkedIn breach response – Click on to enlarge
Acronis has each tweeted and instructed The Register that no Acronis product have been affected.
“On March 9, a put up on BreachedForums talked about Acronis. We instantly began the investigation. The investigation confirmed that no Acronis merchandise have been affected. Nonetheless, based mostly on the data we’ve got, the credentials utilized by a selected buyer to add diagnostic information to Acronis Assist have been compromised. We’re working with that buyer and have suspended account entry as we resolve the problem,” Acronis instructed The Reg through electronic mail.
“We proceed to analyze and can present updates if any new data is found,” the corporate spokesperson added. ®