Acer joins a long parade of hacked computer companies

David Heath
Tuesday, 07 June 2011 12:42

Business IT - Security

Guess who had an insecure FTP server?  Acer has gifted the hackers truck-loads of sensitive data, all nicely laid out for easy use.

According to The Hacker Times (not necessarily the most authoritative of sources, but this isn't exactly a place where angels frequently tread), a hacking group calling itself 'The Pakistan Cyber Army' has accessed Acer Europe's FTP server and accessed (we don't know everything that was downloaded) a treasure trove of customer and company information.

Included in the haul was a 13MB zip file containing a spreadsheet with customer details such as first and last name, country of residence, email address and the products they'd purchased.  In addition a variety of source code was accessed.

As a salutary warning to everyone who manages an internal FTP server, PCA members discovered the FTP authentication details posted on a publicly accessible Acer forum dating back to January 2008.

For those interested in following the path, although Acer has taken both the FTP site and the forum down, access credentials were still available via Google's cache from the first entry in a very obvious search (variations of the search still placed the relevant site on the first page of hits).

Although best known for its targeted hacking against a variety of Indian institutions, PCA has obviously fond an easy target in order to boost its image.  Unfortunately, the greater a hacking group's image is boosted, the more they come to the attention of the various authorities.

We definitely live in interesting times.