The Philippine branch of Taiwanese technology company Acer confirmed that information related to its employees was leaked after a third-party supplier suffered a security breach.
An attacker named “ph1ns” posted a link on a hacking forum to a stolen database containing employee attendance data from Acer Philippines. The database reportedly included workers’ names, usernames, passwords, roles, departments, employer names, dates of birth, mobile phone numbers and email addresses.
Ph1ns says they will not sell the data, but will make it available for free to anyone who is interested.
Does free access to stolen data indicate that the attackers believe that the stolen information cannot be easily monetized, or is it an altruistic act by Ph1ns?
Your guess is as good as mine. But the alleged hack by an unnamed third-party vendor occurred under the banner of “#OpEDSA,” a movement calling for political change in the Philippines and targeting companies in the country.
It’s worth emphasizing that the stolen data was not obtained directly from Acer, and there is no evidence that the company’s systems were compromised.
Instead, the company that manages the attendance data of Acer Philippines employees appears to have suffered a security breach of its own. Of course, this is of little comfort to workers, who would understandably be unhappy with their personal information falling into the hands of hackers and being shared via hacker forums.
in a Statement posted on TwitterAcer Philippines also stressed that no customer information was exposed as a result of the breach.
This is certainly a glimmer of hope for Acer laptop buyers. Things are better than they were a decade ago, when Acer’s e-commerce site was hacked and hackers stole customers’ details, including (poof!) payment card information.
Acer can once again argue that it was not its infrastructure that was hacked, but that it has suffered security breaches in the past – including a $50 million ransomware attack and the theft of 60GB worth of files from its servers in India.
All businesses need to secure their systems and trust that information entrusted to third parties will be kept safely out of the reach of hackers.
