A hacker group has claimed to have hacked Acer India's servers, with about 60GB of confidential information belonging to several million of the company's customers.
According to a post on a prominent hacker site noticed by Privacy Affairs researchers, the group known as Desordern claimed to have acquired consumer information, business data, financial data, and information linked to recent company audits.
According to the hackers, the breach includes information on several million Acer customers, the majority of which are from India. It appears to have happened on October 5, according to the most current date stated in the leaked databases. Desordern also stated that it will provide Acer with access to the database in order to substantiate the data and show the breach is legitimate.
A sample of the data released for free which included information on over 10,000 people, was confirmed to be accurate and real by Privacy Affairs researchers, who were able to contact some of those impacted. Data belonging to millions more Acer customers will be available for a fee at a later date, as per the group.
An Acer spokesperson told IT Pro, “We have recently detected an isolated attack on our local after-sales service system in India.”
“Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India.”
The issue has been reported to local law enforcement and the Indian Computer Emergency Response Team, according to the spokesman, and there has been no substantial impact on the company's activities or business continuity.
In March of this year, Acer was the victim of a $50 million ransomware assault carried out by the notorious ransomware group REvil.
The group disclosed the Acer breach on its website, where it displayed photos of allegedly stolen information such as financial spreadsheets, bank communications, and bank balances. The vulnerability was thought to be connected to a Microsoft Exchange cyber-attack conducted by at least 10 hacker groups.