On the 18th of August, independent cyber security consultant Volodymyr “Bob” Diachenko discovered leaked customer data belonging to the gaming-gear merchant Razer, believed to be the result of a server misconfiguration. Diachenko stumbled upon a misconfigured Elasticsearch cluster that exposed Razer customers’ private information for anyone to see.
There are no exact numbers for the customers affected by this breach, but Diachenko estimated that 100,000 Razer customers had their private information leaked. The breach exposed customers’ Personally Identifiable Information (PII), including full name, email, phone number, customer ID, order number, order details, and billing and shipping addresses.
According to Diachenko, he reached out to Razer immediately after his discovery via the company’s support channel. Still, his report was handled by non-technical support managers for more than 3 weeks before the data was finally secured from public access.
The gaming hardware manufacturer has acknowledged the leak and given assurance that no sensitive data, such as credit card numbers or passwords, was exposed.
Razer has also apologized for the lapse and assured its customers that it has taken all necessary steps to fix the leak and perform a thorough review of its systems.
The server error was fixed on the 9th of September.
Razer customers could be at risk of fraud and targeted phishing attacks perpetrated by cybercriminals who might have had a glimpse of the data.
Even though no payment information or passwords were involved in the leak, affected Razer customers must still stay on guard. The acquired data could be used by cybercriminals to craft phishing attacks.
Armed with accurate details of a customer’s recent orders, email, and physical address, these cybercriminals have a good shot at impersonating Razer employees and using social engineering to get customers to give up more valuable information such as passwords and credit card information.
Razer Inc. is a Singaporean-American multinational company founded in 1998 and a purveyor of consumer electronics, financial services, and gaming hardware.
Going after the traces of data leaked by hackers who are possibly selling it is one of iZOOlogic’s Dark Web Monitoring services. Through intelligence techniques focused on the human and social aspects of data hunting, we may infiltrate groups that engage in the exchange and trade of such data.