Acer has been hacked.
The Taiwanese computer giant recently revealed that it suffered a data breach after hackers compromised a server repair technicians use to host private documents.
The company is still investigating the extent of the breach and what it affected.
Acer Data Breach Details
Acer's investigation showed that the hackers managed to access the server technicians used to host private documents and steal a significant amount of data from it, per Bleeping Computer.
Though the company's investigation showed that the hackers were unable to steal any customer data, they managed to rob 2,800 files totaling 160GB of company data and began selling it on a popular hacking forum, claiming that they stole the data in mid-February, per Security Week.
The hacker then claims that the data they stole consists of technical manuals, software tools, backend infrastructure details, and product model documentation for phones, tablets, and laptops. The stolen data also allegedly includes BIOS images, ROM files, ISO files, and replacement digital product keys.
To prove they stole Acer's data, the hacker shared screenshots of technical schematics for the company's V206HQL display, documents, BIOS definitions, and confidential documents.
The hacker then revealed that they were looking to sell the entire dataset to the highest bidder, and they would accept Monero (XMR) as payment. Monero is a cryptocurrency that uses various privacy-enhancing technologies that keeps its users anonymous and hard to trace, per the cryptocurrency's official website.
In contrast, the more popular cryptocurrencies like Bitcoin and Ethereum have transparent blockchains that could be verified and/or traced worldwide.
Erich Kron, a security awareness advocate at KnowBe4, mentioned that Acer is potentially looking at the release of some of its intellectual property and potentially sensitive company documents should the data the hacker stole get sold, per IT World Canada. Unfortunately, the data that the hacker stole can be extremely beneficial to competitors, while the technical information within that 160 GB of stolen data could help hackers and cybercriminals to create exploits targeting Acer's products.
"Not all data breaches need to contain personal information about customers or employees, or financial information such as credit cards, to be a concern," Kron said. "Organizations spend a lot of time and money developing proprietary procedures and processes, as well as technical information about their products."
Acer Data Breach History
Though this is the first time hackers managed to breach Acer's cybersecurity in a long while, this is not the first time the company experienced such an attack. In Oct. 2021, the company admitted that the Desorden hacking group compromised its Indian and Taiwanese servers and stole 60GB of data from the company's systems.
The data Desorden stole included records of tens of thousands of customers, distributors, retailers, and even employee information and login credentials in the same week.
Hackers from the REvil ransomware gang also breached Acer's cybersecurity in March 2021, with the group demanding %50,000,000 as a ransom for the confidential financial documents they stole.