Have you made any purchases from Razer recently? If so, your order information and personal details may have been exposed on the open web.
Weeks ago, cyber security researcher Volodymyr Diachenko discovered that the gaming peripheral company had accidentally leaked the names, emails, phone numbers, internal IDs, order numbers, order details, and billing and shipping addresses for over 100,000 customers. Luckily, passwords weren’t involved, but this is quite a bit of sensitive information.
“The exact number of affected customers is yet to be assessed as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines,” Diachenko noted. “Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K.”
Razer released the following statement weeks after the discovery:
We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.
The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.
According to Diachenko, anyone who made an order in July and/or August 2020 are affected. They should remain vigilant and keep their eyes peeled for any funny business, such as phishing scams.