Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Acer Suffers Data Breach Through Online Store (itproportal.com) 32

Sam Pudwell, writing for IT Pro Portal: Taiwanese hardware and electronics giant Acer has announced that it has suffered a data breach via its e-commerce site, and is preparing to inform those customers affected. Due to unauthorised access by a third-party, anyone who accessed the online store between 12 May, 2015 and 28 April, 2016 could have had their personal information compromised. Acer revealed that names, addresses, payment card numbers, card expiration dates and card security codes may have been accessed by the hackers but, following investigations by internal and external professionals, believes login details were not compromised.
This discussion has been archived. No new comments can be posted.

Acer Suffers Data Breach Through Online Store

Comments Filter:
  • I thought Acer went out of business the same time as CompUSA did.
  • by aglider ( 2435074 ) on Friday June 17, 2016 @11:07AM (#52336825) Homepage

    believes login details were not compromised.

    I don't really care about "names, addresses, payment card numbers, card expiration dates and card security codes".
    All I need to live is my username and password at Acer shop! I'm a lucky guy!

  • Those should not have been stored on their system at all. It is against the agreement with the CC companies.
    • by Calydor ( 739835 )

      Depends on the kind of intrusion. If their e-commerce site essentially got turned into a keylogger, which seems likely given everything seems to have been taken except login details, then the security code gets grabbed just like all the other fields.

    • Also storing CC numbers and details is something questionable.
      The only pros are for the seller, not for the buyer.
      And this case is clearly showing it. Once again.
    • $50,000.00 per instance, is what MasterCard can fine a merchant for storing the security code. It's right there in the merchant agreement. Do you think they'll enforce that provision?
  • by Anonymous Coward

    On storing Credit Card data? I once purchased from a tech outfit that stated up front they did not store credit card data. Once a transaction had been verified by the credit card company, the tech outfit deleted it from their secure sever. It was their stated opinion that the best way to protect (the customer's) credit card data was to not store it. If you don't have it, no one can steal it.

    • On storing Credit Card data?

      Not all companies do. For example, Digi-Key gives asks me if I want my CC data saved. Of course, I always decline.

      • Not all companies do. For example, Digi-Key gives asks me if I want my CC data saved. Of course, I always decline.

        No decent company stores your credit card number. Ever. What they can do is exchange the credit card number into a token that allows them to move money from your account into theirs. If that token is stolen, the hacker cannot put any money into their account.

        Seems Acer is not a decent company.

    • On storing Credit Card data?

      Refunds and reporting. You can't issue a refund without the card number. You certainly don't need to store the security code though, and if i remember correctly, you can still push a refund through with an invalid expiration date. The better question is why this information was stored unencrypted, and specifically in-house. When I was tasked with auditing the credit card software my company used, I was appalled by what I found. There was just no way to secure it, so we dumped it and went with an outside ven

  • I always used to think that large businesses, governments, etc. were incredibly careful with things they exposed to the Internet, and that breaches were mainly caused by unpatched vulnerabilities or just coding mistakes. However, when you see a breach that involves full credit card details being leaked, you can tell that a lot of the problem is a lack of standards. At least in the US, businesses aren't allowed to store or transmit card details unencrypted. I'll bet that data was never encrypted in the first

  • Recent articles on the lack of security for their laptop hardware & OS/firmware (at the bottom of the pile of Windows laptops) indicates that ACER is simply not interested in security for its users.

    How long before users bail on ACER?

  • When will someone go to prison for storing credit card information in plaintext? Put the VP in charge of that division in prison for 6 months and make the company pay restitution to the financial institutions that have to issue new cards with new account numbers. And $50 to each consumer because now they have to spend a couple hours updating their billing information with all of their online vendors.

    There's no excuse for this shit.

Money will say more in one moment than the most eloquent lover can in years.

Working...