Unknown persons capture around 160 GByte of data. According to Acer, no customer information is affected. The perpetrator offered the data for sale on a cybercrime forum.
Acer has confirmed that unknown persons have broken into the company’s computer systems. In an email obtained by SecurityWeek, the Taiwanese PC maker admits that a document server was compromised. Previously, a hacker had claimed to be in possession of about 160 GB of data from Acer.
“We recently identified an incident where unauthorized access was gained to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no evidence that consumer data was stored on this server,” Acer’s email states.
Data is for sale on the Internet
In a statement, Acer confirmed that the data – more than 2800 files – is for sale on a cybercrime forum. The vendor is asking for an unspecified purchase price, to be paid in the cryptocurrency Monero.
The hacker also claims in his ad on the forum that the data includes confidential presentations, among other things. He also captured instructions on how to solve technical problems, image files, binary files and also confidential product documentation on phones, laptops and other devices. ISO files and Windows System Deployment Images (.sdi files) were also part of his haul, he said.
The breach is believed to have occurred in February, according to the hacker. A screenshot of the offering on the underground forum published by SecurityWeek also classifies the hacker as an “experienced” user with “god” status.
According to the report, Acer was the victim of a hacking attack back in October 2021. At that time, a hacker group got hold of about 60 GB of data from servers in India and Taiwan.