Published on
Oct 17, 2021, 12:27 pm
Cyberattack targets Acer’s aftersales methods in India, steals 60GB of necessary data
Taiwanese pc {hardware} producer Acer, on October 15, confirmed that it had been the sufferer of a latest cyberattack that focused its aftersales service methods in India.
Over 60GB of databases and information containing necessary data had been stolen by the attackers and the login credentials of Acer retailers and distributors within the nation had been compromised too.
Here are extra particulars in regards to the assault.
Stolen data consists of distributor particulars, buyer data, financials
Although Acer termed it “an remoted assault” on its methods, the attackers made away with beneficial buyer data, company data, monetary data, and login credentials for Acer’s India distributors.
The assault was orchestrated by a hacker group known as Desorden. It claimed duty for the assault on a preferred hacker discussion board and stated “thousands and thousands of prospects” are affected by the assault.
Hackers uploaded proof that they really stole data
As proof of a profitable assault, Desorden’s put up contained a hyperlink to a video exhibiting the stolen information and databases.
As a pattern, it additionally uploaded information of 10,000 prospects and over 3,000 distributors however the e mail addresses had been redacted.
The hacker group emphasised that that is the second cyberattack Acer witnessed this 12 months.
Acer additionally suffered a ransomware assault in March this 12 months
In March, Acer was focused by hacker group REvil utilizing a ransomware assault. The group demanded $50 million for a decryption key to get the stolen data again. At the time, it was the biggest publicly recognized ransom demanded for data.
Attack has no materials affect on operations, enterprise continuity: Acer
Acer confirmed the cyberattack. An Acer Corporate Communications spokesperson advised Bleeping Computer that upon detection, “safety protocols” had been instantly initiated and a full scan of its methods was performed.
The spokesperson added that the corporate is notifying potential victims of the assault in India.
Acer stated that the incident was reported to native legislation enforcement and the Indian Computer Emergency Response Team (CERT-In).
Acer by no means stated if it paid REvil the demanded ransom
Acer refused to offer further particulars, reportedly “for the sake of safety” and since there’s an “ongoing investigation.”
As for whether or not or not it paid the $50 million ransom demanded by REvil in March, Acer remained ambiguous and advised Bleeping Computer that “latest irregular conditions” had been reported to the related legislation enforcement and data safety companies.