Swiss cybersecurity and data backup business Acronis became the latest infosecurity business to face a data breach. A Breached Forums user under the alias Kernelware claimed on February 9 that they had successfully breached Acronis.
According to the post, the Breach Forums user has obtained and published data such as certificate files, system configurations, command logs, system information logs, backups of their file system, python scripts for an Acronis database, backup configuration, and screenshots of backup operations.
Acronis CISO Kevin Reed admitted that their systems were breached but claimed that only one customer was impacted, and all other data is secure. The total size of the files leaked was 12.2 GB, Kernelware claimed.
“Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. We are working with that customer and have suspended account access as we resolve the issue,” he posted on LinkedIn.
“No other system or credential has been affected. There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer. Our security team is obviously on high alert and the investigation continues.”
The company also released an official statement and a detailed analysis of the security incident. “Data of one Acronis customer was leaked due to this customer’s password compromise. Acronis was not hacked. Acronis only currently acknowledge to the compromise of a single customer password. We are still investigating the situation.”
Acronis data breach: Details and denial
Acronis International GmbH, simply referred to as Acronis, is a Swiss technology company with its corporate headquarters in Schaffhausen, Switzerland and global headquarters in Singapore.
Founded in 2003, the company operates in 18 global locations and directly employs more than 2,000 people.
The Breach Forums user alleged that Acronis had weak security measures despite being a $120 million company operating in data protection and information security.
They claimed to have breached Acronis because they were bored and wanted to “humiliate” the company.
Cybersecurity business Falcon Feeds IO was among the earlier sources to tweet about the incident. The company’s official Twitter handle replied to it, downplaying the incident.
“For transparency, the specific credentials used by only one customer to upload diagnostic data to an Acronis file server was compromised, no Acronis products have been affected. Our customer service team is currently working with this customer. Updates to follow as needed,” the tweet said.
A user in the hacker's forum claims to have leaked data from a #Switzerland cybersecurity company. The leaked data includes various certificate files, command logs, system configurations, system information logs, archives of their filesystem, python scripts for their maria.db… pic.twitter.com/DMf5tr1BJB
— FalconFeedsio (@FalconFeedsio) March 9, 2023
Kernelware, Acer, Acronis, and previous hits
Kernelware’s latest post comes days after claiming responsibility for the hack on Acer Inc., the Taiwanese multinational hardware and electronics corporation.
Kernelware last week offered to sell a tranche of over 2,800 files totaling 160 GB, containing confidential slides, staff manuals, confidential product documentation, binary files, information on backend infrastructure, disk images, replacement digital product keys, and BIOS-related information.
Acer later confirmed that it had recently detected an unauthorized access incident on one of its document servers for repair technicians. However, the company stated that there was no indication that any consumer data was stored on that server.
Acronis is also not new to cybersecurity situations. The company faced a serious a data leak in 2012. According to the company, it occurred when access control settings were reset to default, exposing certain information from its knowledge base to the public.
Acronis maintained then that most of the content in the database was not sensitive, but an older spreadsheet containing email addresses of customers who were entitled to a free product upgrade and their upgrade license key was leaked.
In an email to customers, the company blamed the data breach on a technical issue with one of its servers and warned that customers’ email addresses could have been publicly accessed by directly searching for them on the internet.
