Swiss data protection company Acronis has clarified that a single customer’s account has been compromised after a hacker leaked gigabytes of allegedly stolen information from the company.
A hacker announced Thursday on a popular cybercrime forum that they were “leaking data from a cybersecurity company called Acronis,” claiming they hacked the company because they were bored and wanted to humiliate them.
The hacker is the same one who recently offered to sell 160 GB of stolen data to the computer giant Acer. The company immediately confirmed that one of its document servers had been hacked, but said there was no customer data stored on the compromised machine.
In the Acronis case, the cybercriminal published a 12 Gb file that allegedly contained certificate files, command logs, system settings and information logs, file system files, scripts, and backup configuration data.
Acronis offers backup management, disaster recovery, antivirus, and endpoint protection solutions. After the incident came to light, the company’s CISO, Kevin Reed, clarified in a LinkedIn post that the leaked data appears to come entirely from a single customer account.
“Based on our investigation thus far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. We are working with that customer and have suspended access to the account while we resolve the issue. We also share IOCs with our industry partners and work with law enforcement,” Reed said.
He added: “No other systems or credentials have been affected. There is no evidence of any other successful attack, nor is there any data in the leak that is not in that client’s folder. Our security team is obviously on high alert and the investigation is continuing.”
Acronis has also separately clarified that none of its products are affected by the infringement.
Related: 25,000 Nissan customers affected by data breach at third-party software developer
Related: Atlassian investigates security breach after hackers leak data
Related: 20 Million Users Affected by Data Breach on Instant Checkmate, TruthFinder