A misconfigured Elasticsearch server is responsible for exposing the personal details of a large number of Razer customers.
The IT security researchers Volodymyr “Bob” Diachenko identified a security lapse at Razer Inc., a globally operating gaming hardware manufacturer, which led to the exposure of the private data of nearly 100,000 customers of Razer.
It is unclear exactly how many customers were impacted by the unfortunate configuration mishap. Diachenko claims that his assumption that roughly 100,000 customers are affected is based on the number of exposed email IDs.
The exposed data includes sensitive private details, such as full name, phone number, email address, internal customer ID, billing/shipping address, order details, and order number.
Diachenko revealed that the data was originally part of a massive reserve of information that the company had stored in an Elasticsearch server.
See: 9,517 unsecured databases identified with 10 billion records globally
The incident should not come as a surprise since Elasticsearch servers have a long history of exposing data online. Furthermore, misconfigured databases have exposed billions of sensitive records in the last couple of years. In fact, the situation is so critical that according to a new poll, database configuration errors are the number one threat to cloud security.
According to a blog post published by the researcher, a configuration error caused the data to become publicly accessible from August 18, 2020. What’s worse is ..
Support the originator by clicking the read the rest link below.
