Acronis security incident analysis

Acronis Cyber Protect Cloud
for service providers
Other languages available: 日本語

What happened?

On March 9, 2023, a post on BreachForums mentioned an Acronis data leak.  As this is a very serious matter, our security team immediately opened an investigation.

Based on the results of the investigation, we can confirm that credentials used by one specific customer to upload diagnostic data to Acronis Support were compromised and made available online. A threat actor then used that information to access diagnostic data which did NOT contain any private or sensitive information. No vulnerabilities in Acronis products or services were exploited, and no services were compromised. The threat actor did not manage to move laterally to any other system or service or access any other customer data.

What did Acronis do about it?

As a part of incident response, we blocked access to the compromised account and worked with the customer to assess the impact. We also reviewed logs for other services and found no evidence of any unauthorized access or exploitation attempts. We shared the IOCs with our industry partners and worked with law enforcement.

Additionally, we have been providing guidance and factual statements to media outlets and / or reporters to ensure accurate reporting.

Was Acronis hacked?

No, Acronis was not hacked. One customer’s user credentials were compromised outside of our systems.

Has my data been compromised?

No, there is no threat to other Acronis customers or their data. As a cyber protection company, we take security very seriously. No Acronis systems or networks were compromised.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.