Acer said detected an incident of unauthorized access to one of its servers. However, the Taiwanese hardware and electronics giant says the intrusion doesn't affect user data.
A threat actor posted Acer’s data on a popular hacking forum, alleging the stolen dataset contains 160GB of data from several hundred directories with nearly 3,000 files. Acer’s leaked dataset includes confidential product model documentation, binaries, backend infrastructure, and other sensitive data, attackers claim.
The company confirmed there was indeed a breach of its IT systems.
“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server, ” Acer's representative told Cybernews.
The dataset supposedly includes a trove of corporate data such as supposedly confidential presentations, staff manuals to technical issues, Windows imaging format files, allegedly confidential product model documentation of various devices, replacement digital product keys (RDPKs), and other data.
For example, losing RDPKs could result in lost revenue as the company would have to spend time and money to reissue them to affected users.
Malicious actors behind the hacker forum post claim that the leak dates to February 2023. If confirmed, the post would point to a breach separate from the one Acer experienced in 2021, when REvil ransomware attacked the company, demanding $50 million in ransom.
The Cybernews research team confirmed that sample data in the post contains files dated 2022, potentially indicating a separate breach. However, the team pointed out that the seller could have modified the data to look more recent to dupe other malicious actors into buying it.
Acer, headquartered in Taiwan, is among the world’s largest hardware and electronics companies, employing over 7,800 people. The company’s reported revenue for 2021 was over NT$10 billion.
More from Cybernews:
Subscribe to our newsletter