Security

Acer Confirms It Was Hacked Again As Culprits Flaunt 60GB of Stolen Customer Data (hothardware.com) 15

For at least the second time in 2021, hackers have breached Acer's servers, this time plundering more than 60 gigabytes of data. HotHardware reports: Acer has confirmed that names, addresses, and phone numbers belonging to several million clients have been compromised in the breach, as well as sensitive corporate financial and audit details. If nothing else, this is certainly bad optics for Acer, which earlier this year was on the receiving end of a massive $50 million ransomware campaign. As proof of the data theft, the ransomware gang posted a bunch of stolen files on the REvil website, including financial spreadsheets, bank balances, and bank communications. It was never made clear if this was partially the result of Microsoft Exchange vulnerabilities that had been used before then by Chinese hackers. In any event, now several months later, hacking group Desorden said it has infiltrated Acer's servers in India and swiped data relating to "millions" of customers.
  • It wasn't "hackers", those bogeymen of the cybertubes, it was and is your own failure to secure your computers and networks. After you had an object lesson you needed to. With as result getting shaken down by enterprising criminals. You may not have noticed, but malware including ransomware is bought or even rented these days. Just like botnets, spamming services, the lot. It's a cottage industry. Pointing your finger at bogeymen means you prefer ignorance over the truth. Truth that will set you free becaus

    • by AmiMoJo ( 196126 ) on Friday October 15, 2021 @03:45AM (#61894265) Homepage Journal

      One of the core principles of GDPR is that companies must minimize the amount of data that they store about a person. Unless there is a good justification for storing an item of data, they should not store it. Time limits on storage should be set as low as possible according to genuine need.

      That way when they get hacked the damage is limited. Unfortunately companies operating outside GDPR tend to just hoover up everything they can get and store it forever.

      • by larwe ( 858929 )
        The goals of GDPR are really good, but it's still too weak and too regional. Better than nothing? Absolutely. But if it was possible to do a true audit of what data is being stored about what people, I would be willing to bet largebucks that even people in GDPR-controlled regions have a vast data footprint that is either stored by companies that don't care about GDPR (and are in some way not very visible, so they don't get called to task) or who have accidentally collected it. GDPR is a very small band-aid
    • That's victim blaming. Unless they put the data out there for everyone to see without any sort of authorization requirement, it really was hackers. The victim may not have had the kind of security expected of someone who handles that much personal data, but that doesn't mean it wasn't hackers. A lack of adequate security and an actual breach are separate issues with different culprits.

      • by PsychoSlashDot ( 207849 ) on Friday October 15, 2021 @06:33AM (#61894435)

        That's victim blaming. Unless they put the data out there for everyone to see without any sort of authorization requirement, it really was hackers. The victim may not have had the kind of security expected of someone who handles that much personal data, but that doesn't mean it wasn't hackers. A lack of adequate security and an actual breach are separate issues with different culprits.

        You're technically correct, but in this case that's not the best kind of correct.

        Victim-blaming is a term that evolved to point out when criticism is in the wrong place. A woman who is assaulted being shamed for the way she was dressed... that's victim-blaming. A person or company who fails to take appropriate caution knowingly, the blame should be upon them.

        Every day I wonder if the security measures I've put in place for my clients are sufficient. Have I missed something? Has something in a complex config changed and protection is no longer where I think it is? I - and by extension my customers - have done the best we can. We tried. Hard. If something happens, in this case it's not through negligence... it's through circumstance (a new threat / social engineering) or a mistake. Blame the intruder. But if it happens again because of a second mistake, then we've done the customer wrong. Because after the first, everything should be re-evaluated, re-checked, re-certified, and likely an outside set of eyes put on the task.

        While we don't have details here, there's cause for blaming Acer, at least provisionally.

        • I don't oppose that someone should look into Acer's security, but you have to recognize that perfect security doesn't exist and preventative defense against a sufficiently motivated hacker is exceedingly expensive and causes other problems. The ultimate responsibility and blame in case of a security breach lies with the attackers, not the victim. As long as these groups can act with almost complete impunity, it is IMHO morally wrong to ask more of the victims before starting to prosecute the attackers in ea

    • It wasn't "hackers", those bogeymen of the cybertubes, it was and is your own failure to secure your computers and networks.

      I had a screen in my window and some guy broke through it, came into my place and stole stuff from me. Completely my fault for not fully securing my place.

    • by Zak3056 ( 69287 )

      it was and is your own failure to secure your computers and networks

      You know, I agree with the above to an extent. But the simple line above ignores the sheer amount of vulnerabilities that have to be mitigated. We're not living in 1990 and, whoops, you're not using shadow passwords, and /etc is available via ftp.

      Vendor: "Oh, hey, here's a patch for a 9.8 rated vulnerability. It's been actively exploited for the last three months so y'all may want to get a time machine and apply this last spring. Lol, our bad. Supply chain attack, you know how it is."

      Which happens week

    • by eepok ( 545733 )

      No. That's not it. There's a difference between blame and liability.

      Hackers commit the crime -- period. Murderers, thieves, hackers -- they're all responsible and to blame for their crimes. A person shot randomly in the chest does not share blame for not wearing a bullet-proof vest. A homeowner is not to blame for being robbed because they don't have bars on their windows. A company is not to blame for a hacking job because they don't have perfect security.

      HOWEVER -- there are certain legal and

  • I just got a ping from HaveIBeenPwned about a new dump from Thingiverse too. Thingiverse hasn't said anything about it yet.
  • Language evolves and all that, but when did it become cool to stop saying "public relations" and substitute it with the science of light manipulation?
