After an unidentified individual posted a 160GB database of what they claim to be Acer’s confidential information for sale, the company has confirmed that one of its servers was breached.
“We have recently detected an incident of unauthorized access to one of our document servers for repair technicians.”
Kernelware reported that the stolen goods comprised a variety of sensitive material, including confidential slides, presentations, and technical manuals for staff, as well as Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files.
“While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server.”
Kernelware, an individual who identifies themselves as such, posted on the cyber crime forum BreachForums on Monday claiming to have stolen “various confidential stuff” from Acer. The data allegedly stolen totals 160GB and comprises 655 directories and 2,869 files.
The thief announced that they will accept payment solely in Monero cryptocurrency for the stolen data and will only sell the data through a middleman. Although no specific price has been mentioned, interested buyers are instructed to make private offers through direct messaging.
In a recent statement, Erich Kron, who works as a security awareness advocate at KnowBe4, explained that a data breach doesn’t always have to involve personal or financial information to be considered worrisome. In this particular case, Acer may be at risk of having its confidential company documents and intellectual property exposed.
You can also follow the story on Reddit