Security company Acronis acknowledges data breach with 12GB of customer files
12.2GB of stolen data from Swiss security company Acronis has appeared online. The person who put the data online stated that the security was very poor. Acronis claims the intrusion was limited to the data of a single customer of the company.
The Register writes that it includes “certificate files, logs, system configurations, system information logs, file system archives, Python scripts for an Acronis database, backup configurations, and many screenshots of backup operations.” The hacker calls the security of the cybersecurity company poor and claims that he or she wanted to ‘humiliate’ the company.
Acronis chief information security officer Kevin Reed shares in a LinkedIn post some details about the data breach. The company’s research has so far found that the credentials of a customer uploading diagnostic data to Acronis have been compromised, Reed reports. The company is working with that customer and the account in question has been blocked until the investigation is complete.
Acronis has shared indicators of compromise with security companies and is working with authorities. Acronis says that the data only comes from that one customer; the company emphasizes that “no other system or account has been affected” and that there is “no data breach that is not located in this specific customer’s folder.”
Acronis offers consumer applications for security, backups, file recovery and more. Their True Image backup software is sometimes bundled with SSDs. The company also offers cybersecurity services for companies.