A security researcher has identified a data breach at Razer that affects various personal information belonging to more than 100,000 Razer customers. Addresses and order details are public.
Security researcher Volodymyr Diachenko discovered an Elasticsearch data cluster from hardware manufacturer Razer on the Internet, which was apparently exposed as part of a data leak. The cluster contains information from more than 100,000 Razer customers, including email addresses, physical address details, and phone numbers.
Search engine has indexed the data
The problem with this is that the data leak is particularly dangerous because it not only appeared on the Internet but is also in the index of a search engine. This makes it particularly easy to find the data. A hacking attack is not supposed to be responsible for the data leak, instead, it is probably an administration error.
Razer himself writes:
” Mr. Volodymyr has made us aware of a misconfiguration of our server which may have disclosed order details, customer, and shipping information. No other sensitive data such as credit card numbers or passwords have been made public. We fixed the misconfiguration on September 9th, 2020, even before the data leak became public. We would like to thank and sincerely apologize for the leak. We have taken all necessary steps to remedy the problem and conduct a thorough review of our IT security and systems. We remain committed to the digital security of every one of our customers. “
Anyone who is concerned that they have been affected by the data breach can contact DPO@razer.com and ask customer service for help.