Razer specializes in gaming lifestyle, hardware, and services like Razer Fintech, an online-to-offline digital payment network. Unfortunately, it appears that 100,000 Razer customers have had some of their personal information exposed online. Leaked data includes full name, email, phone number, customer internal ID, order number, order details, billing, and shipping address. A new report from an independent cybersecurity consultant, Volodymyr “Bob” Diachenko, details why this happened and how the breach was discovered. Razer has also responded to the report in a public statement.
Due to a server misconfiguration, customer data from Razer’s website, not including credit card information, was made public. The report can’t pinpoint the amount of potential victims, as it reads “The exact number of affected customers is yet to be assessed as originally it was part of a large log chunk…” Diachenko does estimate the total to be around 100,000 customers. He also reported the breach to Razer, but he says his claims “…never reached [the] right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access…” According to Razer, the issue was resolved on September 9th, prior to it being made public by Diachenko’s report.
The company’s statement assures customers going forward, saying “We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.” Diachenko updated his report with the statement from Razer, and maintains his goal of minimizing user risk, saying “Our findings are compiled into reports like this one to raise awareness and curb misuse of personal data by malicious parties.” To read the full report, click here.