Acronis has been hit by a significant data breach, however the company has played down its seriousness by saying only some customer credentials were affected, and that its systems hopefully remained unaffected.
Earlier this week, a threat actor going by the name “kernelware” posted a thread on the infamous Breached Forums in which they claimed to have breached Acronis, and as proof, leaked more than 12GB of data.
The leak contains “various certificate files, various command logs, system configurations, system information logs, archives of their filesystem, python scripts for their maria.db database, backup configuration stuff, loads of screenshots of their backup operations.”
Attacking out of boredom
The threat actor said the only motive for the breach was boredom, and the fact that the firm’s endpoints (opens in new tab) had “dogsh*t security”. “So i just decided to humiliate them. Simple as that,” the thread reads. While some users asked for a more detailed breakdown on how the attacked pulled it off, kernelware decided not to share any details.
However, Acronis reached out to both the media and social media, to claim none of its products were affected. In a response to a tweet, the company said “specific credentials” used by a single customer to upload diagnostic data to an Acronis server were compromised.
“No Acronis products have been affected. Our customer service team is currently working with this customer.”
Despite this most likely not being a breach of Acronis, the fact still remains that the client did not bother to use multi-factor authentication (MFA) to secure their account.
MFA is widely considered as an industry standard for cybersecurity, and one of the most advised methods. With MFA, users also need to receive a one-time passcode in order to log in. That passcode can be received either via SMS, through a mobile app such as Google Authenticator, or via a hardware token.
Last year, Passkeys have also emerged as a viable alternative to passwords.
Via: The Register (opens in new tab)