Acer, the Taiwanese PC specialist, has recently confirmed that an unauthorized user breached one of its data servers. While the company’s investigation is ongoing, Acer stated that there is no indication that any consumer data was stored on the affected server. However, this does not diminish the severity of the breach, as the leaked documents could still cause significant harm in the wrong hands.
This week, a hacker advertised 160GB of “various confidential stuff” from Acer, including service manuals, ISO files, BIOS and ROM files, confidential slides/presentations, and more. The seller claimed that the haul consists of 2,869 files across 655 directories, and it would take days to catalog all of them. The hacker said that they would only accept Monero, a decentralized cryptocurrency, for payment, and only through a middleman. The highest bidder will presumably obtain the documents.
According to an Acer spokesperson, the server that the hacker breached hosted documents utilized by repair technicians. As security expert Erich Kron points out, data breaches do not always have to contain financial information or personal data to be harmful. In this case, the release of Acer’s intellectual property and potentially sensitive company documents could cause significant damage. Competitors could use technical information about products or corporate procedures to replicate Acer’s success, and hackers could use the documents to gain valuable insights about the company’s inner workings.
Unfortunately, this is not the first major security incident Acer has faced recently. In March 2021, the company was hit by the REvil ransomware, and attackers demanded $50 million in Monero for the decryption key. Later on, hackers infiltrated Acer servers operating in India, reportedly making off with 60GB of data. Desorden, a group that claimed responsibility for both incidents, conducted a secondary attack on servers in Taiwan.
Acer’s repeated security incidents highlight the importance of strong cybersecurity measures, especially for companies that deal with sensitive corporate information. The company should prioritize implementing robust security protocols, including encrypting all sensitive data and ensuring that all security systems are up-to-date and effective. By doing so, Acer can help prevent future security breaches and protect its valuable intellectual property from falling into the wrong hands.