( Image credit : securityaffairs )

Hackers are selling millions of Acer customers’ data as a result of a data breach

( Image credit : securityaffairs )

Acer, a Taiwanese tech company, has announced that its servers in India were hacked, with hackers gaining access to 60GB of users’ data. This is the company’s second data security breach this year.

According to Hindustan Times, Desorden, the gang that claimed responsibility for the hack, accessed data containing individual customer information, corporate customer data, sensitive account information, and financial data.

The hacker group released a video including files and databases holding the information of 10,000 Indian clients. The organization also claimed to have access to over 3,000 sets of Acer retailer and distributor login passwords across India.

Privacy Affairs confirmed that much of the stolen material was accurate after contacting with numerous affected parties. As a result, Acer and its customers are in an extremely vulnerable position.

According to the article, Acer said that it had discovered an isolated attack on its local after-sales service system in India and had enacted security processes, which were followed by a complete scan of its systems. The corporation also stated that it is alerting all clients in the country who may be affected.

According to Acer, the incident was reported to local law enforcement and the Indian Computer Emergency Response Team (CERT-In).

“We have recently detected an isolated attack on our local after-sales service system in India.” Acer told BleepingComputer. “Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India.”

We believe Acer declined to pay up the last time a breach like this happened, which is likely why the attackers decided to sell the data rather than try to get Acer to pay up.

In any case, while it appears that Acer is moving in the right direction following the incident, it’s unclear that the business will be able to recover the stolen data.

This is Acer’s second cyberattack in the last seven months. In March, REvil launched a ransomware attack on the company’s infrastructure. Acer was demanded to pay a $50 million ransom for a decryptor in order to recover the stolen data at the time. Before REvil ordered Kaseya to pay $70 million in a future attack, this was the largest ransom sought by hackers at the time.

It’s unclear whether Desorden has requested that Acer pay a ransom or not.