Feeds

Acer spills user details Down Under

Breach plugged, customer warning fired out

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

A security breach uncovered last week left customers of Acer's Australian store able to see other user's order histories, complete with contact details. Credit card details were not disclosed but complete contact information (email and phone addresses) and detailed order information was left exposed. This data, samples of which have been seen by The Register, might be used by fraudsters posing as Acer to trick users into handing over sensitive bank or credit card payment details.

Acer said it has fixed the security bug, which it described as a one-off. It notified customers by email (reprinted below) of the breach warning users to contact Acer directly if they are phoned by anyone seeking their order or credit card details.

Des Paroz, Acer's director of e-commerce, told Australian IT that the security glitch was introduced when the site was upgraded three months ago. Acer only became aware of the problem when it was notified by IT security consultant Alex Lane. Lane is critical that Acer failed to take the site offline while it fixed the problem. Acer has promised to investigate its handling of the breach. ®

Dear valued Acer Customer,

This e-mail has been sent to advise you of a minor flaw we have picked up on our online order system. This flaw was brought to our attention by a Shop Acer customer who, when accessing their own order was able to view other Shop Acer orders.

This customer immediately brought it to our attention and the bug has now been fixed. We are not aware of any other occurrences of this flaw and we are confident that this was a once off.

As you may be aware Acer does NOT store any payment details online.

We would however like to advise you that if anyone calls you stating they are from Acer and they would like to clarify your order or credit card details please do not give them out and instead offer to call Acer directly on (02) 8762 3269.

We treat your privacy as an Acer customer very seriously and I'd like to take this opportunity to reassure you that your credit card details have not been compromised.

If you should have any question please feel free contact myself on [email address deleted]

Regards,

Andy Liou National Marketing Manager Australia & New Zealand Phone: +612 8762 3000

Related stories

Acer Ferrari 3200 Athlon 64 notebook
Feds probe huge California data breach
Powergen wins whistleblower case
Your data online: safe as houses

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.