Acer, a Taiwanese PC manufacturer, has confessed that its servers in India and Taiwan were hacked, but that only those in India contained user data.
The cybercriminals who claimed responsibility for the network intrusions boasted that they stole gigabytes of data from the servers, and that other Acer businesses around the world are also vulnerable to data theft.
This week, Acer released the following comment regarding the situation:
“We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity.”
The Desorden Group — Desorden means disturbance in Spanish – claimed responsibility for both attacks. The gang said it stole 60GB from Acer India in posts on the notorious RAIDforums, which included “customer, corporate, accounts, and financial data.”
To back up its claims, the gang also disclosed login information used by Indian retailers and distributors to access Acer systems, as well as some client records.
Desorden also claimed it possesses over 900,000 database entries describing individual Acer customers as well as “organisational, financial, [and] audit” data in a video that appeared to reveal some of the stolen data.
Desorden also claimed responsibility for the attack against Acer Taiwan, claiming it gained access to product and employee information.
Desorden’s motivations were stated in the post claiming responsibility for the Taiwan attack.
“To prove our point that Acer is a global network of vulnerable servers, we have hacked and breached Acer Taiwan,” the post stated. “We did not steal all data, and only took data pertaining to their employee details. Right after the breach, we informed Acer management on the Taiwan server breach and Acer has since taken the affected server offline.”
According to the crew, “a few more” Acer outposts are also vulnerable, and Malaysia and Indonesia are among the countries at risk.
Acer was hit by the REvil ransomware in March 2021, resulting in the security breaches.
Desorden appears to be attempting to persuade Acer that it needs to toughen up, and that shaming it with repeated attacks is no longer an option.