Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Acronis states that only one customer’s account has been compromised. Much ado about nothing

Acronis downplays the severity of the recent security breach explaining that only a single customer’s account was compromised. The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted. This week a threat actor, who goes online with the moniker “kernelware”, claimed the theft of data from technology firm Acronis and […]

Acronis breach

Acronis downplays the severity of the recent security breach explaining that only a single customer’s account was compromised.

The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted.

This week a threat actor, who goes online with the moniker “kernelware”, claimed the theft of data from technology firm Acronis and started leaking it on the cybercrime forum Breached Forums.

The threat actor is the same who recently offered for sale the data stolen from Taiwanese multinational hardware and electronics corporation Acer.

The Acronis leak contains multiple certificate files, command logs, system configurations, system information logs, filesystem archives, python scripts for the company’s maria.db database, backup configuration stuff, screenshots of backup operations,

Acronis breach

“Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. We are working with that customer and have suspended account access as we resolve the issue. We also shared IOCs with our industry partners and work with law enforcement.” said Acronis CEO Kevin Reed. “No other system or credential has been affected. There is no evidence of any other successful attack, nor there is any data in the leak that is not in the folder of that one customer. Our security team is obviously on high alert and the investigation continues.”

The company added that its products were not affected by the security breach and that it is not aware of vulnerabilities affecting its systems.

The threat actors compromised the single account after having obtained its login credentials.

Kernelware pointed out that despite Acronis offers data protection services, “they have dogshit security with the slogan “All-in-one Cyber Protection”. Pretty ironic lol.” The threat actor shared a 12.2GB archive containing the stolen files.

Clearly, if the investigation will confirm that only a single account has been compromised, there is no reason to believe that the company hasn’t a good security posture.

Much ado about nothing!

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Acronis)