Acer admits leakage of information from sellers and distributors
Acer admitted this Friday (15) being the victim of a cyber incident that resulted in the compromise of information from vendors and distributors in India, also affecting the company’s own device users. The case happened after the invasion of a server belonging to their after-sales systems, with a volume whose records can affect millions of people who purchased machines in the country.
The news of the publication of the information was given, first, by the organization PrivacyAffair, focused on privacy and protection of personal data. According to the researchers, the set was released by a member of the cybercriminal group Desorden and contains logins, passwords and personal information obtained from the brand’s partners, including data that personally identifies individuals and can be used in new scams. A sample, with thousand entries, proves the veracity of the material.
In total this would be 35 GB of files in an information set that would also include internal information of the company’s Indian operations. According to the criminals, banking and financial data, as well as audit reports and other documents that should be confidential are also part of the leak, which does not include direct emails, with the responsible person promising to leak an even more complete data collection in the future.
Acer informed that all security protocols were initiated as soon as the intrusion was identified, with those affected being notified and a joint work with the authorities already underway. The company did not reveal details about the case, stating only that it will not be responsible for impacts on its business in the region. When verifying the sample published by the criminals, PrivacyAffair said it used the information to speak directly about the victims, alerting them to the leak. The fear now is regarding the use of credentials to compromise accounts on social networks and other services, as well as the application of scams on behalf of Acer and other companies, from the compromised data. The recommendation is to pay attention to phishing emails or communications via instant messengers, especially if they include registrations, requests for new data, links or files for download. The case also represents the second time Acer is committed to 660. In March, the tech maker was one of the victims of the REvil ransomware gang, in one of the biggest cases of its kind at the time, with a ransom demand in the amount of US$ 50 millions so he could regain access to your information. Source: Bleeping Computer
Acer informed that all security protocols were initiated as soon as the intrusion was identified, with those affected being notified and a joint work with the authorities already underway. The company did not reveal details about the case, stating only that it will not be responsible for impacts on its business in the region.
When verifying the sample published by the criminals, PrivacyAffair said it used the information to speak directly about the victims, alerting them to the leak. The fear now is regarding the use of credentials to compromise accounts on social networks and other services, as well as the application of scams on behalf of Acer and other companies, from the compromised data. The recommendation is to pay attention to phishing emails or communications via instant messengers, especially if they include registrations, requests for new data, links or files for download.
The case also represents the second time Acer is committed to 660. In March, the tech maker was one of the victims of the REvil ransomware gang, in one of the biggest cases of its kind at the time, with a ransom demand in the amount of US$ 50 millions so he could regain access to your information.
Source: Bleeping Computer
