Popular gaming peripheral manufacturer Razer has made a blunder that left a record of many of its users’ sensitive data exposed on the internet for over a month. The information includes full name, email address, phone number, billing and shipping address, etc.
Independent cybersecurity consultant Volodymyr Diachenko came across the issue and documented it after it was resolved. In a LinkedIn post, Diachenko reveals the details of the incident, noting that the exposure was prolonged because his report failed to reach the relevant staff at the company. The problem was originally discovered on Aug. 18, 2020.
“I have immediately notified the company via their support channel on the exposure, however my message never reached the right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access.”
Not a Cyber Hack
The cybersecurity expert describes the issue as not necessarily a breach but a misconfiguration of the system’s database, which gave the public access to a set of data otherwise exclusive to Razer for its business operations. The data were apparently indexed by Google, making them accessible with the right query.
Diachenko estimates that around 100k customers were affected by the accidental leak.
Acknowledging the issue and Diachenko’s important role in the discovery, Razer sent the following message:
“We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.
The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.”
Diachenko fears that the exposed information could be used for phishing, with convincing messages leading unaware individuals to fall victim to cyber theft or other related crimes.
He specifically identifies Razer customers who made a recent purchase from California as those most likely to be affected, particularly those who placed an order between July and Aug. 2020.