According to the electronics giant, the threat actor had infiltrated one of its internal servers, which hosted confidential private documents of the company meant to be used by its repair technicians. However, no customer data was stolen in the intrusion, it added. “We have recently detected an incident of unauthorised access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” an Acer spokesperson told The Register. The security breach announcement was made by Acer only after a cybercriminal who goes by the name “Kernelware” on Monday posted on a cybercrime hangout BreachForums about wanting to sell the “various confidential stuff” totaling 160GB of data stolen from Acer, which includes 655 directories and 2,869 files.
According to Kernelware, the data which was stolen in mid-February includes the following:
Confidential slides and presentations Staff technical manuals Windows Imaging Format files Binaries Backend infrastructure data Confidential product documents Replacement Digital Product Keys ISO files Windows System Deployment Image files BIOS components ROM files
“Honestly, there’s so much shit that it’ll take me days to go through the list of what was breached lol,” Kernelware wrote about the data stolen on the post. The alleged hacker also posted screenshots of technical documentation of the Acer V206HQL display, documents, BIOS definitions, and confidential documents to prove that they stole data. Further, the threat actor said they will only accept the hard-to-trace cryptocurrency Monero (XMR) as a form of payment and will only sell via a middleman. There is no public price set for the data stolen, probably the cybercriminal wants potential buyers to message them privately with the highest bid offer. This is not the first time that Acer has suffered a cybersecurity breach. Prior to this, the Taiwanese firm suffered a massive data breach in October 2021 where a group of hackers known as Desorden stole around 60GB worth of data from the company’s after-sales systems in India. The stolen information included records of tens of thousands of customers, distributors, and retailers, as well as Acer’s internal business data. Not just this, in March 2021, Acer was breached for the first time by a REvil ransomware attack where the threat actors demanded a ransom of $50,000,000.