Hacker group Desorden likely executed the initial attack on Acer India’s servers on October 5, 2021 - the most recent date found in the leaked databases. The breach was first reported by Privacy Affairs on October 13, 2021.
Sensitive data pertaining to over 10,000 individuals were compromised, including:
- Individual customer information
- Corporate customer data
- Financial data
- The login credentials of 3,000+ Acer retailers and distributors in India
Desorden claimed the public disclosure of the data leak is just a “sneak peak” and that they had access to several million customer records, to be released upon payment.
Acer described the incident as an “isolated attack” and said that “security protocols” were being followed.
However, just days later on October 16, 2021, Privacy Affairs reported Desorden had since breached Acer’s Taiwan server and found vulnerabilities on the Malaysian and Indonesian servers.
The Taiwan server targeted in the breach is believed to store employee and product information. Desorden claims they “only took data pertaining to [Acer’s employee details]”, sharing a sample cache that includes passwords to a number of Acer’s Taiwanese servers and internal admin panels.
The group described Acer as “a global network of vulnerable servers” in a forum post and later said the company does not have adequate data security practices for preventing data breaches in an email to Privacy Affairs. That same email also reveals Desorden’s motives as financial.
The Desorden breach occurs in the wake of the $50 million ransomware attack Acer suffered in March 2021 at the hands of notorious group REvil and paints a grim picture of Acer’s current network security and information security efforts.