[TheRecord] Acer confirms second security breach this year

A spokesperson for Taiwanese computer maker Acer has confirmed today that the company suffered a second security breach this year after hackers advertised the sale of more than 60 GB of data on an underground cybercrime forum.

Supposedly containing customer details and login information for Indian retailers and distributors, the data was shared on RAID, a forum used by threat actors over the past years to extort companies and sell stolen data.

Samples of the stolen data, along with a video of the rest of the files, were shared by the threat actor.

The Record was able to confirm some of the data that was leaked on Wednesday.

Image: The Record

Responding to a request for comment sent yesterday by The Record, an Acer spokesperson confirmed the hack in an email earlier today, after the company notified its security team and investigated the hackers’ claims.

The full unedited statement is available below:

We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity.

Steven Chung, Acer Corporate Communications

Although the hackers behind this second breach offered to respond to reporter requests, they have yet to return a request for comment sent yesterday.

Today’s confirmation marks the second security breach that Acer has suffered this year after falling victim to a ransomware attack in March, during which the REvil ransomware group demanded a whopping $50 million from the computer maker.

This is also the second time Acer India’s network has been breached after hackers stole 20,000 user credentials back in 2012.

The post Acer confirms second security breach this year appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ZDNet] Oregon medical group notifies 750,000 patients of breach, says FBI seized accounts from HelloKitty ransomware

All posts, ZDNet

The FBI told Oregon Anesthesiology Group that a Ukrainian hacking group had an account that contained sensitive OAG patient and employee files. Source: Read More (Latest topics for ZDNet in Security)

Read More

[HackerNews] Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products

All posts, HackerNews

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file […]

Read More

[NCSC-FI News] ESET Research webinar: How APT groups have turned Ukraine into a cyberbattlefield

Ukraine has been under cyber-fire for years now here’s what you should know about various disruptive cyberattacks that have hit the country since 2014 Source: Read More (NCSC-FI daily news followup)

Read More