Pakistan Cyber Army is making headlines today for reportedly getting into Acer Servers.
According to Hacker News, Pakistan Cyber Army got hold of sensitive data of over 40,000 Acer customers, not through hacking but due to a stupid mistake made by Acer itself.
Website says that Acer, mistakenly, left it’s FTP username / password on a public forum, and then never changed it.
PCA, somehow, got the clue and entered into Acer servers and grabbed a good amount of sensitive data including country wise customer’s names, cell numbers, addresses and more.
Pakistan Cyber Army hasn’t confirmed so far if it actually hacked into Acer servers or it had obtained the ftp username / password from the internet.
Check Below Screenshots of Acer customers’ data: (Click of images to enlarge)
More on The Hacker News and CNET
Update:
Pakistan Cyber Army has issued a media statement, which is as following:
At Last Silence has been broken, we Pakistan Cyber Army (PCA) claim to have hacked into Acer Europe’s servers. Though, we don’t bear any criminal intentions, such as leaking any kind of the data that was retrieved from Acer Server.
“After the disclosure of the news an advisory email was sent out to Acer for the correction as well as the assurance that we have securely deleted the data from our machines and it is no longer in our possession, said the PCA.
The obfuscation of username and data was done intentionally not to make it more obvious. This was done just to make sure that Acer learns the lesson – as we believe in securing personal information and respect it.
We like to appreciate “the hacker news” team that in so short time they were able to detect the flaw. Our intention to bring out the information was to prove one old saying “There is no patch for human stupidity”.
We want to proof with this disclosure that in today’s complex security and network architecture many common things can be overlooked. The more push is on buying high value solution implementation rather than developing sense of realization of the most important factor which is human resource.
Many of script kiddies out there were joking – even saying that it wasn’t a hack or even a kid can do this stuff with the information. In response, we would say: “Where the he** was everybody else since this information was there for 3 years”. So it were us who discovered it.
In the End we would like to again appreciate the efforts of so many security blogs out there specially “The Hacker News” .
Peace,
Pakistan Zindabad,
Pakistan Cyber Army