Computer hardware maker Cooler Master faces data breach

May 31, 2024
Cooler Master Computer Hardware Data Breach Hackers

Cooler Master, a computer hardware maker, has suffered a data breach after a threat actor hacked the company’s website and claimed to have stolen 500,000 customers’ Fanzone member information.

Based on reports, this stolen data breach included cooler master corporate, vendor, sales, warranty, inventory, and HR data. In addition, over 500,000 stolen Fanzone members’ personal information, including names, addresses, DoBs, and email, plus plain unencrypted credit card information containing name, credit card number, expiry and 3-digit cc code.

Cooler Master’s Fanzone site allows users to register a product’s warranty, request return merchandise authorisation (RMA), contact support, and sign up for news updates.

Researchers reported that the hackers acquired the data through an infiltration on one of the company’s front-facing websites, allowing them to download multiple databases, including the one containing Fanzone information.

 

The threat actors allegedly extort Cooler Master by threatening the company of leaking or selling the data.

 

Reports say that the threat actor said they tried to contact Cooler Master for cash in exchange for not leaking or selling the data, but the company did not respond. However, they did provide a link to a tiny sample of allegedly stolen data in the form of CSV that appears to have been exported from Cooler Master’s Fanzone website.

These CSV files contain product, vendor, customer, and staff information. One file contains almost 1,000 records of recent customer support tickets and RMA requests, including customers’ names, email addresses, dates of birth, physical addresses, phone numbers, and IP addresses.

Separate research has confirmed with multiple Cooler Master customers in this file that the data is accurate and that they initiated an RMA or support request on the date specified in the leaked sample. Still, the researchers were unable to verify the remaining data.

No study has yet to find evidence about these files containing credit card information confirming the threat actors’ statements.

The threat actor claims they will sell the stolen dataset soon, but they have yet to set a price. Lastly, Cooler Master has not addressed any of these issues or responded to any inquiries about the true scope of the hack.

About the author

Leave a Reply