Hacker group Desorden (Spanish for disorder) via a forum post claimed responsibility for a full-fledged hacking maneuver targeting Acer's server cluster in India. The hack, which took place on October 5th, led Desorden to claim it has obtained around 60 GB worth of sensitive data on millions of (mostly, but not exclusively) Indian citizens whose personal data was stored in Acer's servers.
The group has released a free "sneak peek" at part of the collected data, exposing customer information for ten thousand individuals. Personal data, corporate data, as well as sensitive accounts, financial and audit data have been compromised. Privacy Affairs, the source of the initial breach report dated October 13th, says that it has independently confirmed the data's accuracy for a number of affected customers, which includes login details of Acer retailers and distributors from India.
The breach was conducted on acer.co.in – the Indian subsidiary of the Taiwanese manufacturer. Speaking to Privacy Affairs, Acer spokesperson Steven Chung said that “We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity.”
As is usually the case in affairs such as this, Desorden is now selling the remaining data to the highest bidder. The 10,000 individuals whose personal data was exposed are only meant to serve as proof of the data's accuracy, with all the potential negative implications for each and every one of the affected users. The hacking group claims that it will be providing Acer management the rights to verify all of the siphoned data.
This is the second such intrusion on Acer's systems in 2021 alone. The company already faced a similar situation in March of this year, when REvil placed a $50 million ransom on illegally obtained data on Acer's financial spreadsheets, bank balances, and bank communications.
As for Desorden, this is the second claimed attack from the group during this month of October alone; they've also hacked SkyNet.com.my Malaysia Logistics, releasing the personal data of millions of clients. Desorden described its operations with an emphasis on chaos rather than the more usual profit/risk ratio of bad hackers, saying that "Desorden attacks on supply chains create higher level of disorder & chaos affecting many parties rather than the victim itself. If victim fails to pay, Desorden sells the data on black market in a few days."