25 November 2017
In 2015, Acer’s misconfigured website invited many hackers to compromise the data of around 35,000 customers. Acer’s technical support had made some serious security errors by leaving the company’s e-commerce platform in debugging mode from July 2015 until April 2016.
This mistake caused all of the data to be stored unencrypted in a plain-text log file. The team then misconfigured the company website to allow directory browsing by any unauthorized user.
One hacking group noticed and stole the data between November 2015 and April 2016. The hackers took advantage of the credentials of the users who used the website in this time period. This led to the leak of legal names, usernames and passwords, physical addresses and credit card numbers with verification codes for over 35,000 individuals in the US, Canada, and Puerto Rico.
Acer admitted back in June that someone stole credit card information for nearly 35,000 individuals who bought from the company’s online store. The electronics giant finally settled with the New York Attorney General's office and will pay $115,000 in penalties along with an assurance to shore up its digital security.
This is a horrifying incident and a major flaw on the part of the Taiwanese company, which couldn’t recognize what was going on for almost more than 15 months.
“Businesses have a duty to protect their customers’ personal information as securely as possible,” said Attorney General Schneiderman. “Lax security practices like those we uncovered at Acer put New Yorkers’ credit card information and other personal data at serious risk. That’s unacceptable, and will change under the terms of our settlement today. My office will continue to hold businesses accountable for protecting their customers’ private information.”