SINGAPORE, Sept 15 — The personal information of an estimated 100,000 customers of gaming hardware maker Razer was leaked online for three weeks, potentially exposing them to scams, though the firm said today that no credit card numbers or passwords were involved.
Security researcher Volodymyr “Bob” Diachenko revealed the leak in a post on LinkedIn last Thursday after he discovered a server belonging to Razer was misconfigured for public access and indexed by public search engines.
Inside the server were logs containing the full names, email addresses, phone numbers, order details, billing and shipping addresses of the firm’s customers, Mr Diachenko said.
“Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100,000,” he wrote.
Razer, known for its high-end gaming gear such as laptops and keyboards, has headquarters in both California, in the United States, and Singapore.
Upon discovering the leak, Mr Diachenko immediately notified Razer through its support channel.
The server had been misconfigured since Aug 18, but it took the company more than three weeks to secure the data breach in its system after his email was bounced around different support representatives, he said.
During that time, scammers could have accessed the customer records and committed fraud and targeted phishing attacks by, for example, posing as Razer employees and encouraging victims to click on links to fake login pages or download malware onto their devices, Mr Diachenko added.
In a statement to TODAY today, Razer said the error had been fixed last Wednesday, prior to the lapse being made public.
“We were made aware by a security researcher of a server misconfiguration that potentially exposed order details, customer and shipping information,” it said. “No sensitive data such as credit card numbers or passwords was exposed.”
“We sincerely apologise for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensuring the digital safety and security of all our customers.”
Asked by TODAY about Mr Diachenko’s 100,000 customer estimate, a Razer spokesperson said she was unable to immediately confirm the figure.
It added that customers who have questions about this can contact the firm at DPO@razer.com — TODAY