Acer, a global Taiwanese company that makes hardware and electronics, has admitted that one of its servers was compromised. Attackers broke into document servers used by repair technicians and stole 160GB of data, which was then sold.
Yet according to the company, the findings of its preliminary inquiry do not show that this security problem has affected consumer data.
“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.” – Acer.
More Than 160GB of Data Are Offered For Sale
The Bleeping Computer report says that the data breach has been confirmed after a threat actor who claims to have stolen data from Acer in mid-February 2023 started selling it on a well-known hacking forum.
Acer data put up for sale on hacker forums
Data from Acer is being offered for sale on hacker forums
The threat actor alleges that the stolen data includes replacement digital product keys (RDPK), BIOS images, ROM files, ISO files, software tools, backend infrastructure information, and product model documentation for phones, tablets, and laptops.
Particularly, the threat actors released screenshots of technical schematics for the Acer V206HQL display, documents, BIOS definitions, and confidential files as evidence that they had stolen data.
The data poster stated that they were selling the complete dataset to the highest bidder and clarified that they would only take payment in hard-to-trace cryptocurrency Monero (XMR).
Hence, always take precautions to safeguard your sensitive data and systems, including using strong passwords, enabling multi-factor authentication, updating your software and firmware, and keeping an eye out for any unusual behavior.
Acer, a Taiwanese–based electronics manufacturer, recently suffered a data breach in which over 160GB of data was stolen. Hackers were able to gain access to company networks and gain access to sensitive data, including user account information, financial records, and other confidential information. This breach is a reminder of the importance of cybersecurity and the need for companies to keep their networks secure.