Taiwanese PC giant Acer confirms major data breach, with hacker stealing 160GB of sensitive data and hawking it for sale
Taiwanese computer giant Acer has earlier this week confirmed a massive data breach of its intellectual property.
Bleeping Computer reported that Acer has confirmed hackers breached a server hosting private documents used by repair technicians.
The firm says roughly 160GB of sensitive data was stolen from its repair technicians, but the good news is that so far the stolen data does not seem to include customer data.
Acer reportedly said the breach took place in February 2023, and its investigation on the scope of the breach is still ongoing.
Unfortunately, it seems the hackers taken to underground hacking forums to advertise the stolen data.
According to Bleeping Computer, the hackers claim the stolen data contains technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets, and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys.
And the hawking of the stolen data on the dark web seems credible, after the hackers posted screenshots of certain schematics for a display, some BIOS definitions, and a few confidential documents, to prove the authenticity of the stolen data.
Bleeping Computer reported that the database will be sold to the highest bidder, who is also required to make the payment in privacy-oriented cryptocurrency Monero.
Acer has suffered a number of data breaches before this.
In March 2021 for example, the PC and laptop maker was struck switch the REvil ransomware, whose operators demanded a ransom of $50 million, in exchange for the decryptor.
The group also threatened to release the stolen data to the public and leaked images of financial spreadsheets, bank balances, and bank communications.
At the time, that was the highest ransom demand – ever.
Then in October 2021 Acer’s after-sales systems in India suffered an attack in which more than 60GB of data got stolen.
Prior to that in June 2016, Acer admitted its e-commerce site has suffered a security breach, and warned that customer names, addresses, and payment card details were potentially accessed by hackers.
What made that case bad was that the leak actually began in May 2015 and was not discovered by Acer until 11 months later.