The hacker behind the breach of the cybersecurity and cloud protection service provider is the same individual who was behind the recent Indian HDFC bank and Acer breaches.
Editor's note: This article has been updated with an exclusive, confirmation statement from Liquid Web.
A Swiss technology and cybersecurity company, Acronis, has been hit by a data breach, with over 21 GB of files and folders being leaked by a hacker known as Kernelware.
The trove of data was posted on Breach Forums on Thursday, March 9th, 2023, with no login credentials being leaked. The hacker, who was also behind the recent Indian HDFC bank and Acer breaches, claimed to have breached Acronis because “they were bored and wanted to humiliate the company.”
According to Kernelware, the leaked data includes various certificate files, command logs, system configurations, system information logs, archives of their filesystem, and python scripts for their maria.db database, backup configuration stuff, and loads of screenshots of their backup operations.
Hackread.com also analyzed the leaked data and it can be confirmed that no login credentials were leaked in the breach. However, several files and folders showed internal images and logs from Lansing, Michigan-based web hosting firm, Liquid Web.
Liquid Web was informed by Hackread.com and is investigating the leak. On the other hand, Acronis’ CISO, Kevin Reed, confirmed the incident in a LinkedIn post, stating that “Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised.”
Update: 10:32 PM Friday, March 10, 2023 -GMT.
Liquid Web provided an exclusive statement to Hackread.com, stating that on March 9th, the company became aware of a breach in which Acronis’ support server, containing Liquid Web information, was compromised, and data was downloaded.
Acronis notified us on March 9th that their support server containing Liquid Web information was compromised and data was downloaded. Working with Acronis, we have verified that this server was used for troubleshooting only and no Liquid Web customer credentials, files, or databases were breached.
Liquid Web
Reed claimed that no other system or credential has been impacted by this incident. The company has found no evidence of any other successful attacks and the leaked data is limited to the folder of the affected customer.
In a comment to Hackread.com, Matt Rider, VP of Security Engineering EMEA at Exabeam said “This news reinforces the importance of making sure that all bases are covered when it comes to cybersecurity, as this leak resulted from just a single employee’s credentials being compromised.”
Matt emphasised that “finding an intruder quickly is essential to stopping them in their tracks, yet most organisations struggle to know when legitimate credentials have been compromised. This is because it is impossible to detect abnormal credential use unless you have already baselined what is normal.”
This incident and other recent cybersecurity incidents serve as a reminder of the importance of cybersecurity measures for businesses and organizations. As technology continues to advance, the threat of cyberattacks has become more prevalent, and the consequences can be severe, including financial loss, reputational damage, and legal liabilities.
Businesses must take proactive steps to protect their data and systems by implementing robust cybersecurity measures, such as regular security assessments, employee training, network monitoring, and incident response planning. It is also crucial to stay up to date with the latest cybersecurity trends and best practices to address evolving threats.
Furthermore, individuals also play an important role in preventing cybersecurity incidents by being vigilant about online activities, using strong passwords, and keeping software and systems up to date. Overall, it is essential to recognize the seriousness of cybersecurity threats and take necessary precautions to prevent and mitigate their impact.
