The misconfigured server appears to have held fresh information from an estimated 100,000 customers, including their phone numbers and shipping addresses, according to security researcher Bob Diachenko.
If you recently bought a product from PC gaming vendor Razer, your order details may have been accidentally leaked over the internet.
Security researcher Bob Diachenko recently discovered a server belonging to Razer that was misconfigured for public access. Inside the server were fresh logs concerning customer orders going back to July and August.
“Exposed information includes full name, email, phone number, customer internal ID, order number, order details, billing and shipping address,” Diachenko wrote in his report on the data leak.
phishing emails, and other identity theft schemes.
“Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K,” Diachenko added.
The misconfigured server had been open to the public since Aug. 18, and was indexed by search engines. Upon discovery, Diachenko promptly notified Razer via the company’s support channel. But in his report, he wrote: “My message never reached the right people inside the company and was processed by non-technical support managers for more than three weeks until the instance was secured from public access.”
Razer did not immediately respond to a request for comment. But according to Diachenko, the PC gaming vendor did send him a statement on the data leak, which says the company secured the misconfigured server on Wednesday, Sept. 9.
“No other sensitive data such as credit card numbers or passwords was exposed,” Razer said in their statement to Diachenko. “We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.”
- Hackers From Russia, China, Iran Are Targeting Presidential Campaigns, Microsoft Warns
- Portland, Oregon Imposes Strict Ban on Facial-Recognition Technology
- Yubico Security Key That Supports USB-C and NFC Is Finally Here for $55
- Is That Call Legit or Spam? ‘Verified Calls’ From Google Will Tell You
- More in Security