Gaming hardware manufacturer Razer has suffered a data leak, this is the discovery made by the security researcher Bob Diachenko. The expert discovered an unsecured database that exposed the information of approximately 100,000 individuals who purchased items from Razer’s online store
Razer is the world leader in high-performance gaming hardware, software and systems.
The unsecured database was discovered on August 19, it contained customers’ info, including a name, email address, phone number, order numbers, order details, and billing and shipping addresses.
“The exact number of affected customers is yet to be assessed, as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines,” he wrote in a post on LinkedIn. “Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K.”
Diachenko attempted to report his discovery to Razer, but it took time before the database was secured on September 9th. The company thanked the researcher for his support.
“I have immediately notified the company via their support channel on the exposure, however my message never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access.” continues the post.
“We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed. The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.” reads a statement from the vendor.
“We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.”
Exposed data could be abused by threat actors to carry out spear-phishing attacks against the gamer and obtain other info, including financial data.
People that have ever purchased products from Razer’s online store must be vigilant about any unsolicited message from the gaming firm.
For any update on the incident always refer the Razer official website.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Razer)