During their investigation, the attorney general's office discovered that Acer's technical support had made serious security errors. First, they left Acer's e-commerce platform in debugging mode from July 2015 until April 2016. This setting stores all data transferred through the website in an unencrypted, plain-text log file. Then they misconfigured the company website to allow directory browsing by any unauthorized user.

At least one hacking group noticed and stole data between November 2015 and April 2016. This amounted to leaked legal names, usernames and passwords, physical addresses and credit card numbers with verification codes for over 35,000 individuals in the US, Canada and Puerto Rico. Thankfully, the haul didn't include social security numbers, but it's still a painful security snafu from a known computer brand.