Acronis has been hit by a significant data breach, but the company downplayed the severity, saying only a few customer credentials were compromised and that its systems were hopefully unaffected.
Earlier this week, a threat actor named “kernelware” posted a thread on the infamous Breached Forums claiming to have breached Acronis and leaked more than 12 GB of data as evidence.
The leak contains “several certificate files, various command logs, system configurations, system information logs, archives of their file system, python scripts for their maria.db database, backup configuration stuff, loads of screenshots of their backup operations.”
Attacks out of boredom
The threat actor said the only motive for the breach was boredom and the fact that the company’s endpoints (opens in new tab) had “dogsh*t security”. “So I decided to humiliate them. It’s as simple as that,” the thread reads. While some users asked for a more detailed breakdown of how the attack pulled off, kernelware decided not to share any details.
However, Acronis reached out to both the media and social media to claim that none of its products were affected. In response to a tweet, the company said “specific credentials” used by a single customer to upload diagnostic data to an Acronis server had been compromised.
“No Acronis products are affected. Our customer service team is currently working with this customer.”
While this is most likely not a breach of Acronis, the fact remains that the customer has not bothered to use multi-factor authentication (MFA) to secure their account.
MFA is widely regarded as an industry standard for cybersecurity and one of the most highly recommended methods. With MFA, users must also receive a one-time access code to log in. That passcode can be received via SMS, through a mobile app like Google Authenticator, or through a hardware token.
Last year, Passkeys also emerged as a viable alternative to passwords.
Via: The Registry (opens in new tab)