In keeping with the safety researcher Volodymyr Diachenko the client knowledge on Razer’s web site was obtainable publicly on August 18 due to a server misconfiguration.
“The precise variety of affected clients is but to be assessed as initially it was half of a giant log chunk saved on an organization’s Elasticsearch cluster misconfigured for public entry since August 18th, 2020 and listed by public engines like google. Based mostly on the variety of the emails uncovered, I’d estimate the whole variety of affected clients to be round 100K,” Diachenko wrote in a weblog submit.
Diachenko additionally reached out to Razer to clarify concerning the knowledge expose. The corporate has now acknowledged the problem and likewise launched an official assertion.
The assertion shared by the corporate reads, “We had been made conscious by Mr. Volodymyr of a server misconfiguration that probably uncovered order particulars, buyer and delivery info. No different delicate knowledge comparable to bank card numbers or passwords was uncovered. The server misconfiguration has been fastened on 9 Sept, previous to the lapse being made public. We want to thanks, sincerely apologize for the lapse and have taken all obligatory steps to repair the problem in addition to conduct a radical assessment of our IT safety and techniques. We stay dedicated to make sure the digital security and safety of all our clients.”
Diachenko provides that no delicate info like bank card particulars had been uncovered however the electronic mail addresses made public can be utilized for phishing assaults.