While companies are regularly beset with leaks, oftentimes no serious harm comes as a result. Leakers may drop a console price prematurely, or players could find out about a game earlier than expected. However, in this concerning scenario, a recent breach on Razer's servers revealed thousands of customers' personal data to the public, causing widespread concern and criticism. Thankfully, Razer has resolved the breach and issued a new statement to its user base to address the situation.
During some online work, cybersecurity consultant Volodymir Diachenko discovered a server error which exposed log data from Razer's website. According to Diachenko's report on LinkedIn, the misconfiguration revealed order details from thousands of transactions on Razer's digital store. Although this data also appeared on public search engines, Razer confirmed that it closed the leak on September 9.
In the report, Diachenko explained that a misconfigured Elasticsearch cluster on a Razer server caused the massive leak. The compromised information specifically included whatever items were included in the leaked orders, customer names, phone numbers, shipping and e-mail addresses. However, Razer later added that this leaked information did not include credit card information, passwords or other "sensitive" data. In light of the breach, Diachenko warned that hackers could target customers using Razer's data to create convincing phishing attacks, and advised customers to be wary of suspicious emails, messages, and phone calls.
Specifically, he recommended potential victims to not click on malicious links or download malware into their systems. Because the chunk of leaked data was so large, Diachenko could not confirm an exact number of compromised users, but gave an estimate of 100,000 victims. He also confirmed that this leak did not impact customers from third party vendors.
Following his discovery on August 28, Diachenko immediately reported his findings to Razer. However, the security researcher found the gaming technology company's response to be sluggish, as his message failed to reach the "right people." Instead, non-tech support representatives passed around the issue for over three weeks before Razer finally resolved the problem. Both LinkedIn and Twitter users expressed their disappointment with Razer. While one LinkedIn user claimed he was saddened by Razer's failures, others discussed similarly frustrating run-ins with the company's customer service, which failed to resolve their problems.
Unfortunately, Razer's delayed response to the situation will likely damage faith in the company's ability to protect personal data as much as it will impact recent customers. Hopefully, the negative response to this recent leak will motivate Razer to take preventative measures in order to reduce the risk of a repeat offense.
Source: Volodymir Diachenko