Cyberattack targets Acer's Indian aftersales systems, steals 60GB of data
What's the story
Taiwanese computer hardware manufacturer Acer, on October 15, confirmed that it had been the victim of a recent cyberattack that targeted its aftersales service systems in India.
Over 60GB of databases and files containing important information were stolen by the attackers and the login credentials of Acer retailers and distributors in the country were compromised too.
Here are more details about the attack.
Scope of attack
Stolen data includes distributor details, customer data, financials
Although Acer termed it "an isolated attack" on its systems, the attackers made away with valuable customer data, corporate data, financial information, and login credentials for Acer's India distributors.
The attack was orchestrated by a hacker group called Desorden. It claimed responsibility for the attack on a popular hacker forum and said "millions of customers" are affected by the attack.
Proof
Hackers uploaded proof that they actually stole data
As proof of a successful attack, Desorden's post contained a link to a video showing the stolen files and databases.
As a sample, it also uploaded records of 10,000 customers and over 3,000 distributors but the email addresses had been redacted.
The hacker group emphasized that this is the second cyberattack Acer witnessed this year.
Do you know?
Acer also suffered a ransomware attack in March this year
In March, Acer was targeted by hacker group REvil using a ransomware attack. The group demanded $50 million for a decryption key to get the stolen data back. At the time, it was the largest publicly known ransom demanded for data.
Company speaks
Attack has no material impact on operations, business continuity: Acer
Acer confirmed the cyberattack. An Acer Corporate Communications spokesperson told Bleeping Computer that upon detection, "security protocols" were immediately initiated and a full scan of its systems was conducted.
The spokesperson added that the company is notifying potential victims of the attack in India.
Acer said that the incident was reported to local law enforcement and the Indian Computer Emergency Response Team (CERT-In).
Ambiguity
Acer never said if it paid REvil the demanded ransom
Acer refused to provide additional details, reportedly "for the sake of security" and because there is an "ongoing investigation."
As for whether or not it paid the $50 million ransom demanded by REvil in March, Acer remained ambiguous and told Bleeping Computer that "recent abnormal situations" had been reported to the relevant law enforcement and data protection agencies.