Taiwanese hardware vendor Acer (opens in new tab) has confirmed that hackers have managed to break into its after-sales service system in India, without sharing more details.
Notably however, privacy watchdogs PrivacyAffairs (opens in new tab) had already shared news of the breach after discovering data from the breach being auctioned on a popular underground forum.
“On a forum post today – 13 October – the hacker group Desorden announced that it had hacked and breached the Indian servers of Acer,” wrote (opens in new tab) PrivacyAffairs’ founder Miklos Zoltan.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- These are the best endpoint protection tools (opens in new tab)
- Protect your devices with these best antivirus software (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
According to Zoltan, the stolen data appears to include login details and other personally identifiable information (PII) of Acer retailers and distributors in India.
Supply chain exposed
An Acer spokesperson told BleepingComputer that upon detecting the breach, its Indian subsidiary immediately initiated their security protocols. The incident has been reported to the local law enforcement, and has initiated the process to notify all affected customers.
Importantly, the spokesperson insisted that the incident has had “no material impact to our operations and business continuity.”
While Acer hasn’t shared details about the breach, PrivacyAffairs reports that the hackers claim the breach affects the data of millions of Acer customers.
In fact, the confident hackers have posted ten thousand records from their ill-gotten stash to prove its authenticity. PrivacyAffairs used this PII that was posted for free to successfully contact multiple individuals.
Neither the hackers, nor Acer have shared how the attackers managed to break into the servers and make their way with over 60 GB of sensitive data, which besides PII of individuals also contains details about the subsidiary’s accounts, financial, and audit information.
- Check our list of the best firewall apps and services (opens in new tab)
Via BleepingComputer (opens in new tab)