Taiwanese IT giant Acer has confirmed it suffered a data breach after malicious actors hacked into a server hosting private documents used by repair technicians.

However, the company says its investigation results so far do not indicate that this security incident has impacted customer data.

Confirmation of a data breach comes after a threat actor began selling on a popular hacking forum what he claims was 160GB of data stolen from Acer in mid-February 2023.

The threat actor claims that the stolen data contains technical manuals, software tools, back-end infrastructure details, product model documentation for phones, tablets and laptops, BIOS images, ROM files, ISO files, and replacement digital product keys (RDPK).

As proof that they stole data, the threat actor shared screenshots of technical diagrams for the Acer V206HQL display, documents, BIOS definitions and confidential documents.

The data poster said they were selling the data set to the highest bidder, stating that they would only accept the hard-to-trace cryptocurrency Monero (XMR) as a form of payment.

After contacting Acer about the data breach, a company spokesperson confirmed to BleepingComputer that it experienced a breach on one of its document servers.

“We recently detected an incident of unauthorized access to one of our document servers for repair technicians.

Although our investigation is ongoing, there is currently no indication that any consumer data has been stored on this server.” – Acer.

This flaw comes after Acer suffered other security incidents over the past few years.

In March 2021, the computer manufacturer was affected by REvil ransomware gang, demanding a record $50,000,000 ransom in exchange for a decryptor while threatening to leak confidential financial documents.

In October 2021, Acer confirmed that its aftermarket systems in India had been violated. More than 60 GB of data was stolen from its servers, including the records of tens of thousands of customers, distributors and retailers.