Taiwanese hardware vendor Acer has confirmed that hackers have managed to break into its after-sales service system in India, without sharing more details.
Notably however, privacy watchdogs PrivacyAffairs had already shared news of the breach after discovering data from the breach being auctioned on a popular underground forum.
“On a forum post today – 13 October – the hacker group Desorden announced that it had hacked and breached the Indian servers of Acer,” wrote PrivacyAffairs’ founder Miklos Zoltan.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
According to Zoltan, the stolen data appears to include login details and other personally identifiable information (PII) of Acer retailers and distributors in India.
Supply chain exposed
An Acer spokesperson told BleepingComputer that upon detecting the breach, its Indian subsidiary immediately initiated their security protocols. The incident has been reported to the local law enforcement, and has initiated the process to notify all affected customers.
Importantly, the spokesperson insisted that the incident has had “no material impact to our operations and business continuity.”
While Acer hasn’t shared details about the breach, PrivacyAffairs reports that the hackers claim the breach affects the data of millions of Acer customers.
In fact, the confident hackers have posted ten thousand records from their ill-gotten stash to prove its authenticity. PrivacyAffairs used this PII that was posted for free to successfully contact multiple individuals.
Neither the hackers, nor Acer have shared how the attackers managed to break into the servers and make their way with over 60 GB of sensitive data, which besides PII of individuals also contains details about the subsidiary’s accounts, financial, and audit information.