Feeds

Acer spills user details Down Under

Breach plugged, customer warning fired out

  • alert
  • submit to reddit

SANS - Survey on application security programs

A security breach uncovered last week left customers of Acer's Australian store able to see other user's order histories, complete with contact details. Credit card details were not disclosed but complete contact information (email and phone addresses) and detailed order information was left exposed. This data, samples of which have been seen by The Register, might be used by fraudsters posing as Acer to trick users into handing over sensitive bank or credit card payment details.

Acer said it has fixed the security bug, which it described as a one-off. It notified customers by email (reprinted below) of the breach warning users to contact Acer directly if they are phoned by anyone seeking their order or credit card details.

Des Paroz, Acer's director of e-commerce, told Australian IT that the security glitch was introduced when the site was upgraded three months ago. Acer only became aware of the problem when it was notified by IT security consultant Alex Lane. Lane is critical that Acer failed to take the site offline while it fixed the problem. Acer has promised to investigate its handling of the breach. ®

Dear valued Acer Customer,

This e-mail has been sent to advise you of a minor flaw we have picked up on our online order system. This flaw was brought to our attention by a Shop Acer customer who, when accessing their own order was able to view other Shop Acer orders.

This customer immediately brought it to our attention and the bug has now been fixed. We are not aware of any other occurrences of this flaw and we are confident that this was a once off.

As you may be aware Acer does NOT store any payment details online.

We would however like to advise you that if anyone calls you stating they are from Acer and they would like to clarify your order or credit card details please do not give them out and instead offer to call Acer directly on (02) 8762 3269.

We treat your privacy as an Acer customer very seriously and I'd like to take this opportunity to reassure you that your credit card details have not been compromised.

If you should have any question please feel free contact myself on [email address deleted]

Regards,

Andy Liou National Marketing Manager Australia & New Zealand Phone: +612 8762 3000

Related stories

Acer Ferrari 3200 Athlon 64 notebook
Feds probe huge California data breach
Powergen wins whistleblower case
Your data online: safe as houses

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.