Razer Accidentally Leaked Over 100,000 Customers’ Personal Info

No credit card information was exposed.

Razer, one of the leading manufacturers in gaming hardware in the world, has accidentally leaked personal information of around 100,000 customers. The company acknowledged this in a statement sent to cyber security consultant Volodymyr Diachenkom, who published a report about the issue to his LinkedIn page.

The report explains that a Razer company log was stored on an Elasticsearch cluster and had been publicly accessible since August 18, and had been indexed by public search engines. According to the statement given to Diachenkom, the issue had been fixed as recently as September 9 and is no longer accessible to the public, but that’s still about three weeks of the information being public. Luckily, credit card information and passwords weren’t part of the leak, but things like order details, shipping information, and full names were fully visible for those who knew where to look.

“We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed. The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.”

In other news:

Annoyingly enough, Razer didn’t respond to Diachenkom’s request for comment for three weeks after his initially reaching out when the misconfiguration was discovered. Whether that’s because of poor communication between people in the company in getting Diachenkom’s warning in a timely manner, or by negligence is unclear. Regarding this, Diachenkom says his message “never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access.”

Information leaks aren’t super common, but have happened in the video game and tech industry a few notable times, and even the biggest companies can fall victim to them. Even as recently as this April, Nintendo had an issue with over 160,000 Nintendo Network IDs being compromised by a hacking attempt. While credit card information was kept safe like it was in this Razer leak, affected accounts could still be used to make purchases on the Nintendo eShop, which Nintendo refunded without question at the time. Perhaps the most notable instance of an information leak with the games industry was the PlayStation Network outage in 2011, which exposed personal information of every member of the online service, followed by a nearly month-long outage of PlayStation’s online services while the company attempted to fix the issue, but that didn’t stop it from dealing with the legal ramifications.