Hardware manufacturer Razer has leaked the personal information of “around 100,000” of its customers.
Last month, security consultant Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster containing Razer customers’ personal information. The cluster had been publicly accessible since August 18 and was also indexed by search engines.
While it did not include credit card numbers, the leaked information revealed the customers’ “full name, email, phone number, customer internal ID, order number, order details, billing and shipping address”.
Although Diachenko reported the issue to Razer soon after its discovery, the company’s customer support department proved unhelpful.
“[…] my message never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access,” Diachenko wrote on LinkedIn, via Ars Technica.
Hey @Razer - this is NOT how to handle a security alert on an incident that affects your customers PII. Please reach out for more details. pic.twitter.com/UU2ZrA69fL
— Bob Diachenko (@MayhemDayOne) August 20, 2020
Razer did eventually respond a few days ago, on September 11, with the following statement:
“We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.
The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.”
Although the information is no longer available to the public, the leak could have already put it into the hands of scammers.
If you’ve ordered any Razer hardware prior to the leak, be on the lookout for suspicious emails and triple-check any links you’re asked to click, as they could be phishing attempts.