High-end PC gaming seller Razer has recently been involved in a data leak incident due to a server misconfiguration. The unsecured database reportedly exposed the personal information of approximately 100,000 customers.
Razer is a Singaporean-American high-end PC gaming manufacturer that specializes in producing and selling laptops, keyboards, mice, apparel, and other similar high-end gaming products and devices, notes Bleeping Computer.
Security researcher Volodymyr “Bob” Diachenko was the first to discover the incident after finding an unsecured and misconfigured served easily accessible to the public. Diachenko found the server on August 19, 2020, and has since reached out to Razer to alert them regarding the misconfigured server.
According to PC Mag, the server contained new logs of customer orders from July to August of 2020. In addition, International Business Times maintains that the customers mainly affected by the incident are those who purchased from Razer prior to September 9, 2020.
PC Mag reports the information compromised to include full names, phone numbers, email addresses, customer internal IDs, order details, order numbers, and billing and shipping addresses.
Despite issuing a fix for the compromised server on September 9, 2020, the fact remains that the personal and customer information of Razer gaming fans have been exposed and may have been compromised for almost a month.
In his report, Diachenko said his message was only received by non-technical support managers, thus the delay in addressing the data leak from Razer’s end. Diachenko said the data leak could make customers vulnerable to phishing attacks or other malicious attempts, states Threat Post.
In a statement via LinkedIn, Diachenko said, “The exact number of affected customers is yet to be assessed, as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020, and indexed by public search engines. Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K.”
Following the incident, Global Marketing Director of Razer Hung Wei Goh thanked Volodymyr for his efforts and for alerting the company about the data leak. In a statement, Goh also assured the customers and the public at large that there was no other information, apart from the aforementioned, exposed to the public.
Goh said, “No other sensitive data such as credit cards numbers or passwords were exposed.”
Individuals who are concerned about the leaky server are urged to be more vigilant against malicious attackers.