An estimated 100,000 customers of Razer, a purveyor of high-end gaming gear ranging from laptops to apparel, have had their private info exposed, according to a researcher.
Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, for anyone to see. It contained a raft of information of use to cybercriminals, including full name, email, phone number, customer internal ID, order number, order details, billing and shipping address.
Diachenko said that he estimated the number of customers affected – Threatpost reached out to Razer for more details.
“The exact number of affected customers is yet to be assessed, as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines,” he said, in a
LinkedIn posting on Thursday. “Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K.”
threatpost.com
