silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
- Content source
- https://threatpost.com/razer-gaming-fans-data-leak/159147/
An estimated 100,000 customers of Razer, a purveyor of high-end gaming gear ranging from laptops to apparel, have had their private info exposed, according to a researcher.
Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, for anyone to see. It contained a raft of information of use to cybercriminals, including full name, email, phone number, customer internal ID, order number, order details, billing and shipping address.
Diachenko said that he estimated the number of customers affected – Threatpost reached out to Razer for more details.
“The exact number of affected customers is yet to be assessed, as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines,” he said, in a LinkedIn posting on Thursday. “Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K.”
Razer Gaming Fans Caught Up in Data Leak
A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.
threatpost.com