Data Breaches

Acronis Clarifies Hack Impact Following Data Leak

Acronis said a single customer’s account was compromised after a hacker leaked gigabytes of information on a cybercrime forum.

Eduard Kovacs

March 10, 2023

Swiss data protection firm Acronis has clarified that a single customer’s account has been compromised after a hacker leaked gigabytes of information allegedly stolen from the company.

A hacker announced on a popular cybercrime forum on Thursday that they were “leaking data of a cybersecurity company called Acronis”, claiming that they hacked the company because they were bored and wanted to humiliate them.

The hacker is the same who recently offered to sell 160 Gb of data stolen from computer giant Acer. The company immediately confirmed that one of its document servers had been hacked, but said no customer data was stored on the compromised machine.

In the case of Acronis, the cybercriminal published a 12 Gb archive file allegedly containing certificate files, command logs, system configurations and information logs, filesystem archives, scripts, and backup configuration data.

Acronis offers backup, disaster recovery, antivirus, and endpoint protection management solutions. After the incident came to light, the company’s CISO, Kevin Reed, clarified in a post on LinkedIn that the leaked data appears to come entirely from a single customer’s account.

“Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. We are working with that customer and have suspended account access as we resolve the issue. We also shared IOCs with our industry partners and work with law enforcement,” Reed said.

He added, “No other system or credential has been affected. There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer. Our security team is obviously on high alert and the investigation continues.”

Acronis has also separately clarified that none of its products are impacted by the breach.

Written By Eduard Kovacs

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Latest News

Click to comment

Webinar: How to Build Resilience Against Emerging Cyber Threats

Thursday, March 16, 2023

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Webinar: Understanding Hidden Third-Party Identity Access Risks

Tuesday, March 28, 2023

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Are Encryption and Zero Trust Breaking Key Protections?

Compliance and ZTNA are driving encryption into every aspect of an organization’s network and enterprise and, in turn, forcing us to change how we think about protecting our environments. (Matt Wilson)

How the Best CISOs Drive Operational Resilience

Cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed. (Galina Antova)

Defeating the Deepfake Danger

Deepfakes are becoming increasingly popular with cybercriminals, and as these technologies become even easier to use, organizations must become even more vigilant. (Derek Manky)

Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking

Threat actors really only stop when their infrastructure is disrupted and their flow of funds disappears. (Landon Winkelvoss)

Advancing Women in Cybersecurity – One CMO’s Journey

Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity. (Marc Solomon)

Cybercrime

Zendesk Hacked After Employees Fall for Phishing Attack

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Eduard KovacsJanuary 24, 2023

Hackers Stole Encrypted Backups, MFA Settings from GoTo, LastPass

Data Breaches

LastPass Says DevOps Engineer Home Computer Hacked

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Ryan NaraineFebruary 27, 2023

Data Breaches

GoTo Says Hackers Stole Encrypted Backups, MFA Settings

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Ryan NaraineJanuary 24, 2023

Data Breaches

Atlassian Investigating Security Breach After Hackers Leak Data

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Eduard KovacsFebruary 17, 2023

Cybercrime

20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder

Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Ionut ArghireFebruary 6, 2023

Data Breaches

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation.

Eduard KovacsJanuary 23, 2023

Data Breaches

Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Ionut ArghireMarch 10, 2023

Data Breaches

Google Fi Data Breach Reportedly Led to SIM Swapping

Google Fi informs customers about a data breach related to the recent T-Mobile cyberattack and some users claim they were targeted in a SIM...

Eduard KovacsFebruary 1, 2023

SECURITYWEEK NETWORK:

Security Experts:

SecurityWeek

Data Breaches

Acronis Clarifies Hack Impact Following Data Leak

More from Eduard Kovacs

Latest News

Webinar: How to Build Resilience Against Emerging Cyber Threats

Webinar: Understanding Hidden Third-Party Identity Access Risks

Expert Insights

Are Encryption and Zero Trust Breaking Key Protections?

How the Best CISOs Drive Operational Resilience

Defeating the Deepfake Danger

Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking

Advancing Women in Cybersecurity – One CMO’s Journey

Related Content

Cybercrime

Zendesk Hacked After Employees Fall for Phishing Attack

Data Breaches

LastPass Says DevOps Engineer Home Computer Hacked

Data Breaches

GoTo Says Hackers Stole Encrypted Backups, MFA Settings

Data Breaches

Atlassian Investigating Security Breach After Hackers Leak Data

Cybercrime

20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder

Data Breaches

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers

Data Breaches

Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

Data Breaches

Google Fi Data Breach Reportedly Led to SIM Swapping

SECURITYWEEK NETWORK:

Security Experts:

More from Eduard Kovacs

Latest News

Trending

Daily Briefing Newsletter

Webinar: How to Build Resilience Against Emerging Cyber Threats

Webinar: Understanding Hidden Third-Party Identity Access Risks

Expert Insights

Are Encryption and Zero Trust Breaking Key Protections?

How the Best CISOs Drive Operational Resilience

Defeating the Deepfake Danger

Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking

Advancing Women in Cybersecurity – One CMO’s Journey

Related Content

Cybercrime

Zendesk Hacked After Employees Fall for Phishing Attack

Data Breaches

LastPass Says DevOps Engineer Home Computer Hacked

Data Breaches

GoTo Says Hackers Stole Encrypted Backups, MFA Settings

Data Breaches

Atlassian Investigating Security Breach After Hackers Leak Data

Cybercrime

20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder

Data Breaches

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers

Data Breaches

Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

Data Breaches

Google Fi Data Breach Reportedly Led to SIM Swapping