Razer, the gaming hardware manufacturer known for laptops, keyboards, and other high-end gaming devices has suffered a data leak after an exposed database from their online store was discovered. Around August 19th, security researcher Bob Diachenko found the exposed database with approximately 100,000 people’s records from the online store. The exposed database included customer names, email addresses, phone numbers, order numbers, order details, and billing and shipping information. It appears from screenshots that the exposed database did not contain any financial information. Mr. Diachenko attempted to alert Razer to the issue and received a response on September 9th stating that the exposed database was secured and thanked Mr. Diachenko for his help.
Analyst Notes
These exposed databases are a treasure trove for attackers. The information contained provides information for targeted phishing campaigns. Customers of Razer should treat emails that appear to be from Razer with suspicion. To purchase further items, customers should go directly to Razer’s website and not follow links in their emails. It is also advisable for organizations to routinely test their security protocols to verify that databases are secured and not exposed to the Internet. This usually involves a combination of carefully reviewing security settings of the database configuration and scanning IP address ranges used for database servers to verify that the data is not accessible without authentication.
Source Article: https://www.bleepingcomputer.com/news/security/razer-data-leak-exposes-personal-information-of-gamers/
