GBs of Acronis data, including Liquid Web, allegedly breached by BreachForums\Kernelware

(image sources: Acronis, 2012 & Liquid Web, 2020)

One-sentence summary:

Acronis customer Liquid Web was breached by Kernelware, allegedly producing GBs of data (involving both companies) posted for sale on BreachForums.

Who was involved?

Acronis, a single Acronis customer– Liquid Web, and Kernelware.

What was the timeline?

March 9, 2023: Kernelware posts the data for sale on BreachForums

March 10, 2023: Liquid Web acknowledges the breach to HackRead

What occurred?

Kernelware posted a data dump for sale on BreachForums allegedly containing GBs of sensitive data for Acronis (Waqas, 2023). Acronis acknowledged the breach, however, qualifying that it was confined to a single customer (Liquid Web) and only involved a diagnostic uplink (Kaur, 2023, paras. 6-7). Liquid Web data was found within the breach, invoking an acknowledgment from Liquid Web (Waqas, 2023, paras. 4-6). Leaked data allegedly included: “certificate files, command logs, system configurations, system information logs, archives of their filesystem, and python scripts for their maria.db database, backup configuration stuff, and loads of screenshots of their backup operations” (Waqas, 2023, para. 3).

Estimated costs:

Potential incident response costs.

Involved laws:

TBA or N/A

Root cause:

Single customer password (Kaur, 2023, para. 6).

Lessons learned:

Strong password policies, MFA, mandatory 2FA, FIDO authentication. Potentially conditional access (e.g., geographical, IP, or CTI-based) policies, risk-based authentication, attribute-based access control (ABAC).

Sources:

Acronis. (2012, September 5). Logo di Acronis. Wikimedia Commons. https://commons.wikimedia.org/wiki/File:Acronis.svg

Kaur, D. (2023, March 10). Acronis customer compromised by ‘bored’ hacker. Here’s what we know. Techwire Asia. Retrieved March 13, 2023, from https://techwireasia.com/2023/03/a-bored-hacker-breached-swiss-cybersecurity-firm-acronis-heres-what-we-know-so-far/

Liquid Web. (2020, January). twitter-thumb.jpg. Cloudinary. https://res.cloudinary.com/lwgatsby/f_auto/www/uploads/2020/01/twitter-thumb.jpg

Waqas. (2023, March 10). Cybersecurity Firm Acronis Data Breach: Hackers Leak 21GB of Data. HackRead | Latest Cybersecurity and Hacking News Site. Retrieved March 13, 2023, from https://www.hackread.com/cybersecurity-firm-acronis-data-breach/

About Post Author

Kyler Kent CISSP

I am a Threat Hunting and Intelligence Specialist and am a progressive, aspiring cyber leader. I am currently based in Dallas, with a holistic and multidisciplinary background. I am a lifelong learner– constantly seeking education and training opportunities. I maintain several cybersecurity and IT certifications. I also maintain two Texas DPS private security licenses. Finally, I have a master’s degree from Georgetown University’s SCS Cybersecurity Risk Management program. https://linktr.ee/kentprotect.com Corrections: [email protected]

http://kylerkent.com