Razer Gaffe Exposes Customer Data

The data of around 100,000 Razer customers has been exposed online following a misconfiguration faux pas.

The lapse by the global hardware manufacturing company and eSports and financial services provider was discovered by cybersecurity expert Volodymyr "Bob" Diachenko.

Customer data impacted by the cyber-slipup included full name, email, phone number, customer internal ID, order number, order details, and billing and shipping address.

According to Diachenko, the data was part of a sizable log chunk stored on Razer's Elasticsearch cluster that had been "misconfigured for public access since August 18, 2020, and indeed by public search engines." 

The independent cybersecurity consultant and owner of SecurityDiscovery.com said it was unclear precisely how many customers had been affected by the issue.

"The exact number of affected customers is yet to be assessed," said Diachenko, "Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100K."

Reporting the misconfiguration mistake to Razer was a frustrating process for Diachenko. 

He said: "I have immediately notified the company via their support channel on the exposure, however my message never reached right people inside the company and was processed by non-technical support managers for more than 3 weeks until the instance was secured from public access."

In a statement sent to Diachenko, Razer said: "We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other se ..

Support the originator by clicking the read the rest link below.