Acronis states that only one customer’s account has been compromised. Much ado about nothing

Acronis downplays the severity of the recent security breach explaining that only a single customer’s account was compromised.

The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted.

This week a threat actor, who goes online with the moniker “kernelware”, claimed the theft of data from technology firm Acronis and started leaking it on the cybercrime forum Breached Forums.

The threat actor is the same one who recently offered for sale the data stolen from Taiwanese multinational hardware and electronics corporation Acer.

The Acronis leak contains multiple certificate files, command logs, system configurations, system information logs, filesystem archives, Python scripts for the company’s maria.db database, backup configuration stuff, screenshots of backup operations,


“Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. We are working with that customer and have suspended account access as we resolve the issue. We also shared IOCs with our industry partners and work with law enforcement.” said Acronis CEO Kevin Reed. “No other system or credential has been affected. There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer. Our security team is obviously on high alert and the investigation continues.”

The company added that its products were not affected by the security breach and that it is not aware of vulnerabilities affecting its systems.

The threat actors compromised the single account after having obtained its login credentials.

Kernelware pointed out that although Acronis offers data protection services, “they have dogshit security with the slogan “All-in-one Cyber Protection”. Pretty ironic lol.” The threat actor shared a 12.2GB archive containing the stolen files.

Clearly, if the investigation confirms that only a single account has been compromised, there is no reason to believe that the company does not have a good security posture.

Much ado about nothing!




Pierluigi Paganini


(SecurityAffairs – hacking, Acronis)



