Acer spills user details Down Under

Breach plugged, customer warning fired out

Mon 7 Feb 2005 // 13:39 UTC

A security breach uncovered last week left customers of Acer's Australian store able to see other user's order histories, complete with contact details. Credit card details were not disclosed but complete contact information (email and phone addresses) and detailed order information was left exposed. This data, samples of which have been seen by The Register, might be used by fraudsters posing as Acer to trick users into handing over sensitive bank or credit card payment details.

Acer said it has fixed the security bug, which it described as a one-off. It notified customers by email (reprinted below) of the breach warning users to contact Acer directly if they are phoned by anyone seeking their order or credit card details.

Des Paroz, Acer's director of e-commerce, told Australian IT that the security glitch was introduced when the site was upgraded three months ago. Acer only became aware of the problem when it was notified by IT security consultant Alex Lane. Lane is critical that Acer failed to take the site offline while it fixed the problem. Acer has promised to investigate its handling of the breach. ®

Dear valued Acer Customer,
This e-mail has been sent to advise you of a minor flaw we have picked up on our online order system. This flaw was brought to our attention by a Shop Acer customer who, when accessing their own order was able to view other Shop Acer orders.

This customer immediately brought it to our attention and the bug has now been fixed. We are not aware of any other occurrences of this flaw and we are confident that this was a once off.

As you may be aware Acer does NOT store any payment details online.

We would however like to advise you that if anyone calls you stating they are from Acer and they would like to clarify your order or credit card details please do not give them out and instead offer to call Acer directly on (02) 8762 3269.

We treat your privacy as an Acer customer very seriously and I'd like to take this opportunity to reassure you that your credit card details have not been compromised.

If you should have any question please feel free contact myself on [email address deleted]

Regards,

Andy Liou National Marketing Manager Australia & New Zealand Phone: +612 8762 3000

Topics

Special Features

Vendor Voice

Resources

Security

Acer spills user details Down Under

Breach plugged, customer warning fired out

Related stories

More about

TIP US OFF

Other stories you might like

IBM to acquire Hashi for $6.4 billion, hopes it will boost software biz and Red Hat

Australia’s spies and cops want ‘accountable encryption’ - aka access to backdoors

Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes

Reducing the cloud security overhead

With Run:ai acquisition, Nvidia aims to manage your AI kubes

Apple releases OpenELM, a slightly more accurate LLM

Musk moves Tesla's goalposts, investors happily move shares higher

Shouldn't Teams, Zoom, Slack all interoperate securely for the Feds? Wyden is asking

Now all Windows 11 users are getting adverts to 'make the Start menu great again'

Lenovo and Micron first to implement LPCAMM2 in laptop

Microsoft cannot keep its own security in order, so what hope for its add-ons customers?

US Chamber of Commerce to sue FTC for banning noncompetes in most jobs

About Us

Our Websites

Your Privacy