In the recent case of cybercrime, the Hacker group Desorden (Spanish for the disorder) has claimed responsibility for a full-fledged hacking manoeuvre that recently targeted Acer’s server cluster in India.
The infiltration was carried on October 5th, and Desorden claims that it has obtained around 60 GB worth of sensitive data on millions of Indian citizens whose personal data was stored in Acer’s servers.
The group has released a free “sneak peek” at part of the collected data, exposing customer information for ten thousand individuals. The stolen data contains personal data, corporate data, as well as sensitive accounts, financial and audit data which has been reportedly comprised by the hackers. Privacy Affairs, the source of the initial breach report dated October 13th, has confirmed that some customers have been affected, and the data stolen about them includes login details of Acer retailers and distributors from India.
The breach was conducted on Acer.co.in – the Indian subsidiary of the Taiwanese manufacturer. Speaking to Privacy Affairs, Acer spokesperson Steven Chung said that “We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity.”
The hacker group, Desorden is now reportedly selling the remaining data to the highest bidder. In 2021, this is the second time that Acer’s systems have been intruded in such a way, the company also had to suffer a similar situation in March this year, when REvil placed a $50 million ransom on illegally obtained data on Acer’s financial spreadsheets, bank balances, and bank communications.\
“Desorden attacks on supply chains create a higher level of disorder & chaos affecting many parties rather than the victim itself. If the victim fails to pay, Desorden sells the data on the black market in a few days.”