Over 100,000 Gamers’ Personal Data Exposed From Leak By Razer

The thing about the Digital Age is that it’s incredibly easy to build something, yet even easier to destroy or damage it. Gaming peripheral manufacturer Razer can definitely testify to the latter, having compromised the personal information of over 100,000 of its global customers as a result of a server leak.

Security analyst Volodymyr Diachenko first discovered this (via The Verge) on 10 September 2020, stating that the Singapore-based company was subject to a “server misconfiguration” that made customer data publicly viewable. This exposed the orders placed by thousands of customers, including their email addresses, physical addresses, contact numbers, and so on.

Diachenko contacted Razer to notify them of the situation, but only received a reply “more than 3 weeks” after the discovery, and the company seems to have “fixed” the haywire server configuration. In its response, Razer claims that “no other sensitive data” such as credit card numbers or passwords was leaked.

Here is Razer’s eventual reply to Diachenko in full, as seen on his LinkedIn blog post:

We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.

The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public. 

We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers. 

Diachenko details how the leaked information can be abused for malicious activity, such as phishing or even the spreading of malware to customers’ personal devices, and is offering online courses on raising cyber security awareness within firms following this incident.