Acer Confirms Unauthorized Access But Says No Consumer Data Stolen

Written by

Taiwanese electronics manufacturer Acer has confirmed an incident of unauthorized access to one of its document servers for repairs technicians.

In a statement shared with Infosecurity via email, the multinational corporation added that it believes no consumer data was accessed due to the breach.

“While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” the company said.

A threat actor self-identified as “Kernelware” claimed responsibility for the hack on a dark web forum earlier this week. They mentioned they executed the attack mid-February and stole 160GB of information from the company, including 655 directories and 2869 files.

In the same forum post, Kernelware offered to sell the allegedly stolen data for XMR (Monero) and provided a sample showcasing slides and presentations, technical manuals, backend infrastructure data, product model documentation and information about several devices, among other things.

Acer has neither confirmed the leak nor whether the data posted by Kernelware is authentic.

According to Tim Schultz, VP of research & engineering at Scythe, the breach may reflect the shifting nature of previously ransomware-focused threat actors.

“As companies shift away from paying ransoms, threat actors are adapting by increasing their focus on IP data theft to increase the potential business impact of each compromise. In the near term, we’ll see the same playbook similar threat actors have taken upon stealing IP and attempting to monetize it,” Schultz said.

Amit Sharma, a security engineer at Synopsys, explained that while details are currently scarce, it’s still essential for the organization to conduct due diligence to contain the attack and ensure data safety.

“Organizations must have multi-layered controls to detect or block these kinds of attacks, but, as the complexity of attacks increases, we need to make it more streamlined and more concrete,” Sharma added.

“These kinds of attacks also give us a fair indication on why it is very important to have asset management in place and take a decision on what needs to be monitored, what is exposed and what should be prioritized.”

The Acer breach comes days after DoControl published a report suggesting public software as a service (SaaS) assets are a significant risk for medium and large firms.

Editorial image credit: Anton Watman /

What’s hot on Infosecurity Magazine?