Gaming hardware manufacturer Razer suffered a data leak, an unsecured database managed by the company containing gamers’ info was exposed online.
Gaming hardware manufacturer Razer has suffered a data leak, this is the discovery made by the security researcher Bob Diachenko. The expert discovered an unsecured database that exposed the information of approximately 100,000 individuals who purchased items from Razer’s online store
Razer is the world leader in high-performance gaming hardware, software and systems.
The unsecured database was discovered on August 19, it contained customers’ info, including a name, email address, phone number, order numbers, order details, and billing and shipping addresses.
“The exact number of affected customers is yet to be assessed, as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines,” he wrote in a post on LinkedIn. “Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K.”
Diachenko attempted to report his discovery to Razer, but it took time before the database was secured on September 9th. The company thanked the researcher for his support.
“I have immediately notified the company via their support channel on the exposure, however my message never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access.” continues the post.
I must say I really enjoyed my conversations with different reps of @Razer support team via email for the last couple of week, but it did not bring us closer to securing the data breach in their systems. pic.twitter.com/Z6YZ5wvejl
— Bob Diachenko (@MayhemDayOne) September 1, 2020
“We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed. The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.” reads a statement from the vendor.
“We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.”
Exposed data could be abused by threat actors to carry out spear-phishing attacks against the gamer and obtain other info, including financial data.
People that have ever purchased products from Razer’s online store must be vigilant about any unsolicited message from the gaming firm.
For any update on the incident always refer the Razer official website.
(SecurityAffairs – hacking, Razer)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Gaming hardware manufacturer Razer suffered a data leak, an unsecured database managed by the company containing gamers’ info was exposed online.
Gaming hardware manufacturer Razer has suffered a data leak, this is the discovery made by the security researcher Bob Diachenko. The expert discovered an unsecured database that exposed the information of approximately 100,000 individuals who purchased items from Razer’s online store
Razer is the world leader in high-performance gaming hardware, software and systems.
The unsecured database was discovered on August 19, it contained customers’ info, including a name, email address, phone number, order numbers, order details, and billing and shipping addresses.
“The exact number of affected customers is yet to be assessed, as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines,” he wrote in a post on LinkedIn. “Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K.”
Diachenko attempted to report his discovery to Razer, but it took time before the database was secured on September 9th. The company thanked the researcher for his support.
“I have immediately notified the company via their support channel on the exposure, however my message never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access.” continues the post.
I must say I really enjoyed my conversations with different reps of @Razer support team via email for the last couple of week, but it did not bring us closer to securing the data breach in their systems. pic.twitter.com/Z6YZ5wvejl
— Bob Diachenko (@MayhemDayOne) September 1, 2020
“We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed. The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.” reads a statement from the vendor.
“We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.”
Exposed data could be abused by threat actors to carry out spear-phishing attacks against the gamer and obtain other info, including financial data.
People that have ever purchased products from Razer’s online store must be vigilant about any unsolicited message from the gaming firm.
For any update on the incident always refer the Razer official website.
(SecurityAffairs – hacking, Razer)