Acer confirms breach after 160GB of data for sale on hacking forum

Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians.

However, the company says the results of its investigation so far do not indicate that this security incident has impacted customer data.

The confirmation of a data breach comes after a threat actor began selling on a popular hacking forum what they claim is 160GB of data stolen from Acer in mid-February 2023.

The threat actor claims the stolen data contains technical manuals, software tools, backend infrastructure details, product model documentation for phones, tablets, and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys (RDPK).

As proof that they stole data, the threat actor shared screenshots of technical schematics for the Acer V206HQL display, documents, BIOS definitions, and confidential documents.

The poster of the data said they were selling the entire dataset to the highest bidder, clarifying that they would only accept the hard-to-trace cryptocurrency Monero (XMR) as a form of payment.

After contacting Acer about the data breach, a company spokesperson confirmed to BleepingComputer that it suffered a breach on one of its document servers.

"We have recently detected an incident of unauthorized access to one of our document servers for repair technicians.

While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server." - Acer.

This breach comes after Acer suffered other security incidents in the past few years.

In March 2021, the computer maker was hit by the REvil ransomware gang, demanding a record-breaking ransom payment of $50,000,000 in exchange for a decryptor while threatening to leak confidential financial documents.

In October 2021, Acer confirmed that its after-sales systems in India had been breached by a hacking group known as Desorden. Over 60GB of data was stolen from its servers, including records of tens of thousands of customers, distributors, and retailers.

Desorden also breached Acer Taiwan's servers the same week, stealing employee information, including their login credentials.