Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data

Acer Data Breach: Hacker Claims to Sell 160GB Trove of Stolen Data
A hacker on a popular forum is claiming to have stolen Acer Inc.’s data in mid-February 2023.

BY
WAQAS
MARCH 6, 2023
3 MINUTE READ
The hacker claims that it took them days to go through the list of what had been allegedly breached.
This article has been updated with a breach confirmation statement from Acer Inc.

Acer Inc., a major global technology company based in Taiwan, is facing a potential data breach from a hacker going by the alias “Kernelware.” The hacker is claiming responsibility for a major data breach at Acer Inc., a leading multinational company based in Taiwan that designs and sells hardware and electronics products.

According to Kernelware, the alleged breach occurred in mid-February 2023 and resulted in the theft of a vast amount of sensitive information, totalling 160GB of 655 directories and 2869 files.

In a post on a hacker forum that surfaced as an alternative to the popular and now-seized Raidforums, Kernelware offered to sell the data trove to interested parties, saying that it contained a wide range of valuable files and documents. The hacker also shared a sample of the stolen data to prove its authenticity.

Acer Data Breach Hacker selling Stolen Data
Post on the hacker forum (Image credit: Hackread.com)
The list of items included confidential slides and presentations, technical manuals, Windows Imaging Format files, binaries of various types, backend infrastructure data, product model documentation, and information about phones, tablets, laptops, and other devices.

The alleged data also contained Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files.

Kernelware requested payment in XMR (Monero), a privacy-focused cryptocurrency, and suggested using a middleman to ensure a successful sale. Although it is still unclear whether the data is genuine, the hacker’s willingness to use a third-party and their confidence in the quality of the stolen information indicates that the threat should be taken seriously.

“Honestly, there’s so much s**t that it’ll take me days to go through the list of what was breached lol.”

Kernelware
Acer Inc. has not yet commented on the alleged data breach or the potential sale of its confidential data. However, if verified, the data could provide valuable insights and competitive advantages to Acer’s rivals or malicious actors seeking to exploit the vulnerabilities of its products and services.

Update 07/03/2023: We have recently detected an incident of unauthorized access to one of our document servers for repair technicians.” “While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” an Acer spokesperson told Hackread.com.

The stolen information could be used by cybercriminals for various purposes, including blackmail, identity theft, and fraud. Additionally, the exposure of Acer’s backend infrastructure and product models could reveal vulnerabilities that could be exploited by other attackers.

As always, individuals and organizations are advised to take measures to protect their sensitive data and systems, including using strong passwords, implementing multi-factor authentication, keeping their software and firmware up-to-date, and monitoring for signs of suspicious activity.

The threat of data breaches and cyberattacks is ongoing and evolving, and it requires constant vigilance and preparedness to mitigate the risks.