Acer confirms breach of after-sales service systems in India

Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called “an isolated attack.”

“Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India,” an Acer Corporate Communications spokesperson told BleepingComputer.

“The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity.”

While Acer didn’t provide details regarding the attackers’ identity behind this incident, a threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers.

The allegedly stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India.

As proof, the threat actor provided a video showcasing the stolen files and databases, the records of 10,000 customers, and stolen credentials for 3,000 Indian Acer distributors and retailers.

Acer breach
Acer breach (BleepingComputer)

Second breach within seven months

This is the second time the computer giant’s systems have been breached this year after the ransomware attack claimed by REvil in March.

Acer was asked to pay $50,000,000 for a decryptor and to get back the stolen data, the largest publicly known ransom at that date (REvil broke their record in July, asking Kaseya to pay a $70 million ransom.)

When asked by BleepingComputer to confirm the March ransomware attack, Acer did not provide a clear answer, instead saying that they “reported recent abnormal situations” to relevant law enforcement agencies and data protection authorities.

To additional requests for more details, Acer replied by saying that “there is an ongoing investigation and for the sake of security, we are unable to comment on details.”

Advanced Intel’s Vitali Kremez told BleepingComputer that Advanced Intel’s Andariel cyber intelligence platform spotted the Revil gang targeting a Microsoft Exchange server on Acer’s domain before the attack.

Andariel feed showing an Acer Exchange Server being targeted
Andariel feed showing an Acer Exchange Server being targeted

Acer is a Taiwanese multinational specialized in hardware and electronics and the world’s sixth-largest PC vendor by unit sales, according to Gartner.

The company has approximately 7,000 employees in 40 countries worldwide and has reported earned $8.34 billion in 2019.