Taiwanese hardware and electronics giant Acer confirmed a data breach after a hacker began auctioning allegedly stolen data on a hacking forum.
According to Acer, unnamed threat actors compromised a server used by repair technicians and stole data that did not include customer information.
Screenshots shared by the hacker show the stolen data includes valuable infrastructure and product technical information.
Acer’s stolen data listed for sale on a hacking forum
A threat actor known as “Kernelware” listed data allegedly stolen from Acer for sale to the highest bidder on the popular underground hacking forum BreachForums, the successor of the seized RaidForums.
The hacker requested payment in Monero (XMR) cryptocurrency, offering to complete the transaction through an intermediary.
The threat actor claims to have stolen 160GB of data in 655 directories and 2,869 files.
“Honestly, there’s so much sh*t that it’ll take me days to go through the list of what was breached, lol,” the threat actor said.
According to the hacker, the stolen data included confidential presentations, technical manuals, Windows imaging files, binaries, system deployment images (SDI), replacement digital product keys (RDPK), backend infrastructure data, product model documentation for various devices, and BIOS and ROM files.
They shared screenshots of Acer’s V206HQL display technical schematics, BIOS information, and confidential documents as proof.
If true, the stolen data could expose Acer products’ unknown vulnerabilities and backend infrastructure information, allowing hackers to plan and execute future attacks. Additionally, exposing Acer’s confidential product technical information could leak the PC maker’s intellectual property to its competitors, giving them an unfair competitive advantage.
Meanwhile, Acer has confirmed the mid-February 2023 data breach, adding that customer data was not accessed.
“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians,” Acer said. “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.”
However, Erich Kron, a security awareness advocate at KnowBe4, warned that data breaches that don’t expose customer information should not be disregarded: “Not all data breaches need to contain personal information about customers or employees, or financial information such as credit cards, to be a concern.”
Acer did not confirm the authenticity of the snapshots posted on the hacking forum or whether any ransom demands were made. However, the hacker’s good reputation on the hacking forum and willingness to involve an intermediary give credence to their claims.
“As companies shift away from paying ransoms, threat actors are adapting by increasing their focus on IP data theft to increase the potential business impact of each compromise,” said Tim Schultz, VP of Research & Engineering at SCYTHE. “In the near term, we’ll see the same playbook similar threat actors have taken upon stealing IP and attempting to monetize it.”
Acer’s previous data breaches
Acer is no stranger to data breaches. In March 2021, the PC maker suffered a REvil ransomware attack with hackers demanding $50 million to decrypt computers and avoid publishing stolen data on a hacker forum.
In October 2021, Desorden hackers breached Acer’s systems in India and stole 60 GB of data, including 10,000 customer records, login credentials of 3,000 wholesalers and retailers, and corporate and financial documents. The hackers claimed the attack was not a ransomware incident, and the stolen data was auctioned on the now-defunct hacking forum RAID. The same group also breached Acer’s Taiwan servers and stole employee information, including login credentials.
Chris Hauk, consumer privacy champion at Pixel Privacy, criticized Acer for allegedly failing to disclose data breaches until the stolen data surfaced on a hacking forum.
“Unfortunately, Acer has a history of keeping mum about data breaches, not admitting to a breach until the data from the breach is put up for sale on the dark web,” Hauk said. “Acer needs to get into the habit of immediately announcing hacks as soon as they are discovered. This will alert all affected parties, providing more time to protect against phishing attacks and other kinds of attacks that could be facilitated by using info gleaned in the Acer hacks.”