- Acer India’s website was hacked by hacker group Desorden, resulting in the leaking of millions of sensitive details.
- They have released a sample 10,000 private client data sets for free and said they will sell others.
- Acer claimed the breach did not affect their ongoing operations and they have informed Indian cybersecurity authorities about it.
Acer, the popular Taiwanese multinational hardware and electronics company, has been hacked by the hacker Group Desorden. The actors announced the breach on a dark web forum and published a sample of 10,000 sensitive details as proof, allowing Acer to verify the data is authentic. On October 14, Acer confirmed. This server breach seems to have occurred on October 5, 2021.
Desorden announced in a forum post that they had breached the company’s Indian servers hosting their "acer.co.in" website, claiming they stole 60 GB worth of data from these servers. The stolen data included sensitive customer details, corporate operations, and financial audit data, but also login details of Acer retailers and distributors. Privacy Affairs, the publication that first released the story, checked the data authenticity by contacting some compromised clients.
According to a statement by Acer spokesperson Steven Chung, the attack was an isolated breach of the company’s after-sales service system in India. The company launched its security protocols immediately upon upgrade and conducted a complete scan. They have moved to inform all potentially affected clients across India, as well, and reported the incident to local law enforcement, including the Indian Computer Emergency Response Team. Chung also stated the breach had no impact on their ongoing operations.
The Desorden hacker group is also linked with other cybersecurity attacks. They claimed to have stolen 200 GB of data from the Malaysian division of ABX Express Enterprise on September 23, 2021. They also hacked SkyNet.com.my Malaysia Logistics and sold the personal data of millions of clients. They also hacked into the Singaporean division of the ProTemps’ website, a recruitment and HR company.
This is the second major attack suffered by Acer in 2021. The first one was a major ransomware attack perpetrated by REvil, where the cybercriminals demanded $50 million in ransom.