Acer, the sixth-largest PC maker in the world, has confirmed that it suffered a data breach in mid-February 2023 that compromised its intellectual property and other sensitive data.
The hacker, who goes by the name Kernelware, breached a server that was used by technicians and stole over 2,869 files and 655 directories, totaling around 160 gigabytes of data.
Acer has confirmed the breach and stated to multiple publishers “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server”.
Kernelware has posted on BreachForums that they are selling Acer’s confidential presentations, technical manuals used by company staff, Windows Imaging Format files, backend infrastructure information, confidential product documents, and more.
In addition, they claim to have stolen Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files.
Interestingly, the post has since disappeared from Breachforums. Could this be due to legal or law enforcement intervention?
This is not the first time that Acer has confirmed a data breach. In October 2021, the Taiwanese tech giant acknowledged that servers located in India and Taiwan were hacked, and a group claimed to have stolen more than 60 gigabytes of data from the company’s systems.
