The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted.
This week a threat actor who goes by the online moniker “kernelware” claimed the theft of data from technology firm Acronis and started leaking it on the cybercrime forum Breached Forums.
The threat actor is the same one who recently offered for sale data stolen from the Taiwanese multinational hardware and electronics corporation Acer.
The Acronis leak contains multiple certificate files, command logs, system configurations, system information logs, filesystem archives, python scripts for the company’s maria.db database, backup configuration stuff, screenshots of backup operations,
“Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. We are working with that customer and have suspended account access as we resolve the issue. We also shared IOCs with our industry partners and work with law enforcement.” said Acronis CEO Kevin Reed. “No other system or credential has been affected. There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer. Our security team is obviously on high alert and the investigation continues.”
The company added that its products were not affected by the security breach and that it is not aware of vulnerabilities affecting its systems.
The threat actors compromised the single account after having obtained its login credentials.
Kernelware pointed out that although Acronis offers data protection services, “they have dogshit security with the slogan “All-in-one Cyber Protection”. Pretty ironic lol.” The threat actor shared a 12.2GB archive containing the stolen files.
Clearly, if the investigation confirms that only a single account has been compromised, there is no reason to believe that the company lacks a good security posture.
Much ado about nothing!
(SecurityAffairs – hacking, Acronis)