Gaming hardware manufacturer Razer (opens in new tab) has confirmed it suffered a data leak that could have exposed information relating to circa 100,000 customers.
The incident was first discovered by security researcher Bob Diachenko, who came across an improperly configured database (opens in new tab) containing data belonging to users of Razer’s online store.
The cloud database contained personally identifiable information (PII) - such as names, email addresses, phone numbers, addresses and more - but did not expose payments data that could be used to facilitate financial fraud.
- Check out our list of the best mobile workstations (opens in new tab) on the market
- We've built a list of the best antivirus services (opens in new tab) around
- Here's our list of the best business laptops (opens in new tab) available
Razer data leak
According to Diachenko, the Elasticsearch cluster was publicly available from August 18 onwards, indexed by public search engines.
The researcher first alerted Razer to the configuration error in mid-August, but the issue remained unresolved for a number of weeks, despite correspondence with various members of the firm’s support team.
“The server misconfiguration has been fixed on September 9, prior to the lapse being made public,” said Razer in a statement delivered to Diachenko.
“We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security systems. We remain committed to ensure [sic] the digital safety and security of all our customers.”
To shield against credential stuffing attacks, gamers who suspect their data may have been compromised are advised to change their Razer credentials, as well as passwords for any other online accounts that use the same combination.
The information held on the unsecured database could also be used to launch targeted spear-phishing (opens in new tab) attacks, so Razer customers should also be wary of clicking links and opening attachments held in emails relating to the firm, which could be fraudulent.
- Here's our list of the best password managers (opens in new tab) around
Via Bleeping Computer (opens in new tab)
