Acronis confirms a 12.2 GB data leak. The breach was announced earlier on a popular hacker forum.
In a statement to The Register, Acronis’ CISO confirmed that the systems were indeed compromised. The damage was reportedly limited to a single customer. No access was gained to any other data held at Acronis.
The breach has not affected any Acronis products and involved only the specific customer’s login and access credentials. This gave the cybercriminals access to a system that the customer uses to upload diagnostic data to Acronis Support. The account has since been blocked. Acronis is conducting further investigations to prevent a recurrence.
Post on Breached Forums
According to The Register, the issue came to light when a cybercriminal named ‘kernelware’ published a post on the hacker forum Breached Forums. In this post, the hacker claimed responsibility for the attack and also published a sample of 12.2 GB of data. He indicated that Acronis’ security was extremely poor.
The data mainly involved leaked certificates, command logs, system configurations, logs with system information, Acronis file system archives, Python scripts for an Acronis database, backup configuration and various screenshots of backup operations.
Link to Acer data leak
The tech site indicates that kernelware is also associated with the hack of computer manufacturer Acer earlier this week. In that attack, 160 GB of data was captured. The hacker also made this attack public on a hacker forum.
UPDATE 14-03: Earlier, we wrote about the claim on a hacker forum that Acronis had been hacked. When we contacted Acronis, the company stated that this is not the case. The English statement reads, “On March 9, a post on BreachedForums mentioned that Acronis had been hacked. As this is a very serious matter, we immediately opened an investigation and found that this post was unfounded and no Acronis products had been hacked or compromised. What we did find was that the credentials used by one specific customer to upload diagnostic data to Acronis Support was compromised and made available online. A threat actor then used that information to access diagnostic data which did NOT contain private or sensitive information and was wholly outside of the Acronis system and perimeter. We worked with the customer directly, and suspended account access immediately as an added security measure.”