Acer penalized $115k for leaving credit card info unprotected
Hackers took 35,000 customers' personal data when the company's misconfigured website left it exposed.
It wasn't nearly as bad as Yahoo leaking 500 million users' data, but Acer had its own hacking scare last year. Back in June, the Taiwanese computer manufacturer admitted that somebody stole credit card information for nearly 35,000 individuals who bought from the company's online store. The electronics giant finally settled with the New York Attorney General's office to the tune of $115,000 in penalties along with an assurance to shore up their digital security.
During their investigation, the attorney general's office discovered that Acer's technical support had made serious security errors. First, they left Acer's e-commerce platform in debugging mode from July 2015 until April 2016. This setting stores all data transferred through the website in an unencrypted, plain-text log file. Then they misconfigured the company website to allow directory browsing by any unauthorized user.
At least one hacking group noticed and stole data between November 2015 and April 2016. This amounted to leaked legal names, usernames and passwords, physical addresses and credit card numbers with verification codes for over 35,000 individuals in the US, Canada and Puerto Rico. Thankfully, the haul didn't include social security numbers, but it's still a painful security snafu from a known computer brand.