Acer discloses a new data breach, 160 GB of sensitive data available for sale

Taiwanese multinational hardware and electronics corporation Acer discloses a data breach after a threat actor claimed the hack of the company.

Recently a threat actor announced the availability for sale of 160 GB of data allegedly stolen from the Taiwanese multinational hardware and electronics corporation Acer.

The threat actor announced the hack on a popular cybercrime forum, he claims to have stolen about 2869 files. The stolen files include confidential product model documentation, binaries, backend infrastructure, BIOS information, and other sensitive data.

Reads the post published by the seller on Breached Forums:

The leak contains a total 160GB of 655 directories, and 2869 files. It includes:

Confidential slides/presentations
Staff manuals to various technical problems
Windows Imaging Format files
Tons of binaries (.exe, .dll, .bin, etc…)
Backend infrastructure
Confidential product model documentation and information of phones, tablets, laptops, etc…
Replacement Digital Product Keys (RDPK)
ISO files
Windows System Deployment Image (SDI) files
Tons of BIOS stuff
ROM files

(honestly there’s so much shit that it’ll take me days to go through the list of what was breached lol)

Acer confirmed the incident and discloses a data breach, the company said that attackers have compromised one of its servers.

“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server, ” Acer’s representative told Cybernews.

The seller is a reputable member of the forum, he states that only accepts payments in Monero cryptocurrency and will only sell with the escrow.

The seller added that the data was stolen in mid-February.

In October, the tech giant was hacked twice in a week, the same threat actor (Desorden) initially breached some of its servers in India, then he claimed to have also breached some systems in Taiwan.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, acer)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.