Security failures at online services don't come much bigger than the issue Acer has just owned up to. In a letter to customers of its online store, the Taiwanese PC maker admits it has found "unauthorized access by a third party to [information] potentially including your name, address, card number, expiration date and three-digit security codes." That's all anyone needs to be able to make remote purchases, whether on the web or by phone, and it marks a particularly bad lapse in Acer's data safeguards.
Affected customers are those who bought anything from Acer's North American web store between May 12th of last year and April 28th this year, and all will be receiving the letter advising them of the security breach. Acer has told ZDNet that the total number of exposed accounts is 34,500. Login and password details haven't been identified as part of the data breach, but the company isn't ruling that possibility out either. If there's any bright side to this, it's in the relatively small amount of business that Acer was doing through its e-commerce portal. Things might have been much worse if one of the bigger online retailers had suffered the same gaffe.