Acer, well known manufacturer of laptops, TVs, and other goods, has announced a long-running breach (active for nearly a year), targeting anybody who made use of their e-commerce site between May 2015 and April 2016.
The good news: there’s no indication of the hackers nabbing login details.
The bad news: they may well have lifted pretty much everything bar login details, to the tune of name, address, card number, expiration date, and 3 digit security code.
While this means anyone affected doesn’t need to wrack their brains trying to remember if they’ve just had a reused login credentials faux pas, it does mean that they should keep an eye out for potentially dubious transactions and / or targeted phish attacks. Although there is little additional information as to how Acer were breached at this time, businesses need to ensure they’re looking over everything on their network and not just potentially infected endpoints.
Even if a network is potentially rock solid, scammers are increasingly going after the employees with social engineering, phishing mails, and (when all else fails), liberal servings of Business Email Compromise. However you look at it, everything is a target and it’s up to all of us to ensure we’re as secure as possible. It only takes one basic mistake.
This is the latest in a seemingly never-ending stream of big businesses being hit by major attacks, and no doubt there’ll be another one along in the near future. 2013, 2014, and 2015 have all been called the “Year of the Breach” and you can bet when the smoke clears that we’ll be adding 2016 to the “No, it’s actually this one” pile too.
We can be as careful as we like when managing our online accounts, but there’s little we can do when a business we make use of is breached. If you’ve been affected by the above antics, please check your bank statements regularly and with any luck you won’t be caught up in the inevitable fallout.
Christopher Boyd