14 January 2021
Razer, a big name in the gaming industry accidentally exposed the data of its users. As reported by a security researcher Volodymyr Diachenko on September 10, the data was available without any password for public access since August 18, 2020, and was even indexed by several public search engines as well. The exact numbers of affected customers are unknown, but based on the number of the emails exposed, the researcher estimates it to be around 100K, which is a big number.
According to the researcher, the exposed information includes full name, email, phone number, customer internal ID, order number, order details, billing, and shipping address.
Razer wasn’t immediately available for the comment but it did offer a statement to the researcher’s report, stating that while the server misconfiguration did expose several order details, the sensitive data like credit card numbers or passwords were not exposed. Razer also said that the misconfiguration was already fixed on September 9 prior to the lapse being made public. Razer said it is aware of the mishap and sincerely apologizes for the lapse.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.
As Diachenko's report points out such leaked chunks of data can be used for some villainous acts that mainly include phishing attacks. Customers can fall into the trap of some wrongdoers that disguise themselves to take advantage of users’ data. Those who misrepresent themselves can encourage users to click on links of fake login pages or download malware onto their devices.