What just happened? Acer has confirmed that an unauthorized user recently broke into one of its data servers. Although the company’s investigation is still ongoing, the Taiwanese computer specialist said there was no indication any consumer data was stored on the affected server. That does not mean the breach is harmless, however: technical documents and the company’s intellectual property can be very harmful in the wrong hands.
Earlier this week, a hacker posted a for-sale listing for 160GB of “miscellaneous secret stuff” from Acer. The seller claimed that the haul consists of 2,869 files across 655 directories and includes a variety of contents such as service manuals, ISO files, BIOS and ROM files, confidential slides/presentations, and more.
The hacker said there was so much content that it would take days just to index it all. The seller added that they will only accept Monero (a decentralized cryptocurrency) for payment, and will only conduct the transaction through a broker. Prices are not listed. Whoever bids the highest will likely get the goods.
An Acer spokesperson told The Register that the server in question hosted documents used by repair technicians.
As security expert Eric Kron correctly points out, a data breach does not need to contain financial details or information about customers or employees to be harmful. “In this case, it is possible that Acer will look to release some of its intellectual property rights and potentially sensitive corporate documents,” Kron added.
Technical details about products or company procedures can be invaluable to competitors seeking to replicate Acer’s success. Furthermore, hackers can extract important insights into the inner workings of products or services from the documents, which may lead to new exploits.
This isn’t the first major security incident that Acer has dealt with in recent memory. Back in March 2021, the company was hit by REvil ransomware. The attackers demanded $50 million in Monero for the decryption key.
Months later, hackers infiltrated Acer’s operating servers in India, reportedly eliminating 60GB of data in the process. This was followed by a secondary attack on servers in Taiwan. In both incidents, a group known as Desorden claimed responsibility.
Image credit: Hugo Clement