Establishing Digital Trust: Don't Sacrifice Security for Convenience
Hacker "Maxney" recently defaced six subdomains belonging to Acer India, and published personal information on thousands of clients.
According to an analysis by Cyber War News, the published file contains "well over 15,000 account and client credentials as well as resellers, support [companies] and staff information."
"The data appears to be a complete server extraction within two folders," ZeroSecurity reports.
The six sites affected are acn.acer.co.in, adn.acer.co.in, aln.acer.co.in, asn.acer.co.in, humanet.acer.co.in, and select.acer.co.in.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Apparently, the attacker targeted the site as a form of protest against Israel," writes Softpedia's Eduard Kovacs. "'Hearts a petrified Monster Israeli Zionists. You will find us in the face of all the games you’ve played (sic),' the hacker wrote on the defaced pages. At the time of writing, all the affected sites have been restored."
The attack appears to be part of an ongoing campaign -- in September, Maxney published information on more than 8,000 users of ASUS' Italian Web site, and in October, he published 1,901 personal details stolen from the Thai Web site for McDonald's.
Maxney is a member of the Turkish Ajan hacker group. "Less than three months ago the same Turkish hacking group group breached the Domino's pizza site in India, leaking 37,000 user details to Pastebin," according to Infosecurity. "Zone-H reports that Maxney has now made 32 defacement notifications, 17 of them comprising ‘mass’ defacements (such as this Acer attack), and 15 single IP address defacements."