Gaming giant Razer has apparently suffered a data breach that has seen company and customer data up for sale.
A post uploaded to a hacker forum offered the stolen data from Razer's website for $100,000 of Monero cryptocurrency - a popular choice for cybercriminals - which apparently includes encryption keys, database and login credentials for Razer.com and its products.
A company spokesperson told BleepingComputer, "the team immediately conducted a thorough review of all Razer’s websites and have taken all necessary steps to secure our platforms," adding that it is "still in the midst of investigations."
User data exposed
In addition to hardware such as gaming-focused laptops, monitors and peripherals, Razer also provides services for registered users, such as access to games, rewards and offers.
The forum poster also provided screenshots as evidence of the breach, which show, among other things, lists of files, email addresses, source code for anti-cheat systems in online games, and Razer Gold balances, the company's virtual credit for its users.
BleepingComputer claims to have confirmed the user accounts among the leaked data as genuine. It also said that Razer has reset all of its users' accounts, requiring them to login again and change their passwords.
This isn't the first time the gaming company's data has been vulnerable. In 2020, a researcher found that a Razer database containing users' personally identifiable information (PII), including email and physical addresses, was publicly accessible and could have been seen by anyone, although it is not clear if any nefarious actors gained access.
The data in this most recent exposure appears to be more up to date, suggesting that the two incidents are not linked.
The Razer spokesperson also told BleepingComputer that, "once investigations have concluded, Razer anticipates that we will report this matter to the relevant authorities." Customers should direct any questions to DPO@razer.com.
- Here's the best firewall for your business
