160 GB of Acer data is now available for sale on the dark web
Taiwan-based Acer Inc. confirmed a security breach today after a 160-gigabyte dump of Acer data was offered on an underground forum.
According to the sales pitch on the underground forum, the leak contains 160 gigabytes of data. It allegedly consists of 655 directories and 2869 files, which include confidential information, binaries, confidential product mobile documentation and information, replacement digital product keys, ISO files, Windows System Deployment image files, "tons of BIOS stuff" and more. The seller claims that it took them days to go through the directory and files.
The thread starter published a few samples, as screenshots, that showed technical schematics, confidential documents and other data. Monero, a cryptocurrency, is the only form of payment that the thread starter accepts, according to the post. Monero transactions are difficult to trace, which makes it a preferred currency for transactions of this kind.
The breach, which appears to have occurred in February 2023, does not involve customer data, according to Acer. Bleeping Computer says that it contacted Acer for a statement and that it received the following reply from the company:
"We have recently detected an incident of unauthorized access to one of our document servers for repair technicians.
While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server."
According to this information, the threat actor managed to gain access to a document server that Acer repair technicians use; this would explain why the attacker could not download customer data from the server.
It is unclear how exploitable the information really is. A potential buyer could exploit the data in different ways, including through blackmail, identity theft or fraud. Depending on the data, there is also a possibility that an analysis reveals new security vulnerabilities in Acer products or infrastructure.
While Acer customers are not affected directly, it is a good safety measure to keep devices up to date and properly secured with strong unique passwords and, if supported, two-factor authentication protections.
The February 2023 breach is not the first that Acer suffered in the past couple of years. In March 2021, Acer devices were infected with ransomware, and the attackers requested a then-record-breaking payment of $50 million in exchange for the decryptor.
In the same year, Acer India suffered an attack on its after-sales system. The hackers managed to obtain more than 60 gigabytes of data from Acer servers. This data bundle included information on customers, distributors and retailers. The same group managed to breach Acer's Taiwanese servers as well. They stole employee information and login credentials at the time.
I have an Acer Aspire 772G, but according to them it doesn’t exist. At the time I was looking for a BIOS update, but couldn’t identify the machine on their site even though I supplied the correct SNID (serial number ID). They kept saying that I’d made a mistake somewhere and suggested I use their app to identify it instead. But that came back as a non-existent machine as well even though I sent them a screenshot of the results.
Unfortunately, the vendor, namely Dixons, went out of business in the Netherlands so I couldn’t resolve the issue through them.
Never upload unencrypted files to the cloud. And never means never.
Thanks for the article!