Gaming hardware vendor Razer has accidentally exposed the personal information of over one lakh gamers that was available for nearly a month for hackers to exploit.Security researcher Volodymyr Diachenko discovered that customer data on Razer`s website was made publicly available because of a server misconfiguration.Leaked data included full name, email, phone number, customer internal ID, order number, order details, billing, and shipping address.
“My message never reached the right people inside the company and was processed by non-technical support managers for more than three weeks until the instance was secured from public access,” Diachenko said in a post on LinkedIn.
Razer is a global gaming hardware manufacturing company, esports, and financial services provider.In a statement, the company accepted the server misconfiguration.”We were made aware by Volodymyr of a server misconfiguration that potentially exposed order details, customer, and shipping information. No other sensitive data such as credit card numbers or passwords were exposed,” the company said.
“The server misconfiguration has been fixed on September 9, prior to the lapse being made public,” the company added.However, according to Diachenko, the customer records could be used by hooligans to launch targeted angling attacks wherein the scammer poses as Razer or a related company.”Customers should be on the lookout for phishing attempts sent to their phone or email address. Spam emails or messages might encourage victims to click on links to fake login pages or download malware onto their device”.Razer customers could be at risk of fraud and targeted phishing attacks perpetrated by criminals who might have accessed the data, the security researcher warned.
Post Your Comments