Acer hacked twice in a week by the same threat actor

Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable.

Last week, threat actors known as 'Desorden' emailed journalists to say they hacked Acer India's servers and stole data, including customer information.

Acer later confirmed the breach but stated it was an "isolated attack," affecting only their after-sales service systems in India.

Less than a week later, Desorden emailed BleepingComputer to say they breached Acer Taiwan's servers on October 15th and stole employee and product information.

They also shared images of an internal Acer Taiwan portal and CSV files containing login credentials for Acer employees.

The threat actors told BleepingComputer that they performed the attack to prove that Acer is still vulnerable.

"We did not asked for separate payment on the taiwan breach. it was meant to prove our point that Acer has neglected their cybersecurity." - Desorden.

Acer Taiwan took down the vulnerable server soon after the threat actors reported the breach to the company. However, the hacking group states that other servers in Malaysia and Indonesia are still vulnerable.

Yesterday, Acer confirmed the attack in a statement to BleepingComputer and said the Taiwan breach only involved employee data.

"We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity." - Acer.

In addition to these two breaches, Acer suffered another cyberattack in March 2021 after the REvil ransomware gang encrypted their network and demanded a $50 million ransom.

Desorden has a prior history of performing corporate breaches and leaking data if a ransom is not paid.

In September 2021, Desordern claimed to have breached ABX Express, a subsidiary of Kerry Logistics, and stolen 200 GB of data, including customers' personal information.