The hacker organization Desorden (Chaotic in Spanish) claimed responsibility for the full-scale hacking of Acer’s server clusters in India through a forum post. The hacking took place on October 5th, leading Desorden to claim that it had obtained approximately 60 GB of sensitive data from millions (mainly but not limited to) Indian citizens whose personal data was stored on Acer’s servers.
The group conducted free “peeping” on some of the collected data and disclosed customer information of tens of thousands of people. Personal data, company data, as well as sensitive account, financial and audit data have been leaked.The Department of Privacy Affairs was the source of the first violation report on October 13, and it stated that it had Independent confirmation Data accuracy of some affected customers, including login details from Acer retailers and distributors in India.
The violation was carried out on acer.co.in, the Indian subsidiary of the Taiwanese manufacturer. Acer spokesperson Steven Chung said in an interview with privacy affairs, “We have recently detected an isolated attack on our local after-sales service system in India. Upon discovery, we immediately activated the security agreement and performed a full scan of our system. We are informing all customers in India who may be affected. The incident It has been reported to local law enforcement agencies and the Indian Computer Emergency Response Team, and has no significant impact on our operations and business continuity.”
As is usually the case for such transactions, Desorden now sells the remaining data to the highest bidder. The 10,000 individuals who exposed their personal data are just to prove the accuracy of the data, which has a potential negative impact on every affected user. The hacker group claimed that it will provide Acer management with the right to verify all data stolen.
This is the second such intrusion into Acer’s system only in 2021. The company already faced a similar situation in March of this year, when REvil paid a ransom of US$50 million for illegally obtained Acer financial spreadsheets, bank balances and bank communication data.
As for Desorden, this is the second time the organization claimed to have launched an attack in October alone; they also hacked SkyNet.com.my Malaysia Logistics and leaked the personal data of millions of customers. When Desorden described his operations, he emphasized chaos, rather than the profit/risk ratio of the more common bad hackers. He said:Destructive attacks on the supply chain will cause a higher degree of disorder and chaos, affecting multiple parties rather than the victims themselves. If the victim does not pay, Desorden will sell the data on the black market within a few days. “