Acer, hacked twice in one week by the same threat group.

Acer was hacked for the second time in just one week by the same hacking group, it has been learned.

A threat group called “Desorden” sent an email to journalists, telling them that it had hacked Acer India’s servers and stolen data, including customer information.

Afterwards, Acer confirmed the intrusion, but said it was a “single attack” and only affected after-sales service systems in India.

Less than a week later, Desorden made a statement on October 15 that it had broken into Acer’s servers in Taiwan and stolen information about its employees and products.

The attack also exposed images of Acer’s internal portal in Taiwan and a CSV file containing login credentials of Acer employees, proving that Acer is still vulnerable.

This was meant to prove our point that Acer is neglecting cybersecurity. – Desorden

Acer shut down the vulnerable server soon after the intruder reported it to the company, but the hacking group commented that other servers in Malaysia and Indonesia were still vulnerable.

Acer confirmed the attack and said the breach in Taiwan only involved employee data.

We have recently detected a single attack on our local after-sales service system in India and a further attack in Taiwan.

After detection, we immediately initiated security protocols and performed a full scan of our systems.

We have notified all potentially affected customers in India, but the attack on our systems in Taiwan did not include any customer data.

This incident has been reported to local law enforcement and relevant authorities and will not have a material impact on our operations and business continuity.Acer

In addition to these two breaches, Acer also suffered a cyberattack in March 2021, when the ransomware REvil encrypted data and demanded a $50 million ransom.

Desorden has a history of carrying out corporate intrusions and exfiltrating data when ransoms are not paid, and in September 2021 Desordern hacked into ABX Express, a subsidiary of Kerry Logistics, and stole 200GB of data, including customers’ personal information. He commented.