Razer accidentally exposed over 100,000 gamers’ personal information for close to a month, according to a new report.
Security researcher Volodymyr Diachenko discovered that customer data on Razer’s website was made publicly available on August 18th because of a server misconfiguration. A redacted sample pictured below shows records of orders made on the company’s digital store, exposing personal information including email and mailing addresses, the type of product ordered, and phone numbers. Credit card information was not included.
No credit card information, but customers’ email and mailing addresses were compromised. Image: Volodymyr Diachenko
After discovering the misconfiguration online, Diachenko says he reached out to Razer several times over the span of three weeks before receiving a reply. In a statement sent to Diachenko, the gaming hardware manufacturer acknowledged the server misconfiguration and that the data leak potentially exposed personal information like full names, phone numbers, and shipping addresses for customers. Razer says that “no other sensitive data” such as payment methods were leaked. Razer says it fixed the misconfiguration on September 9th. The Verge has reached out to Razer for comment.
Even though no sensitive payment information was exposed, personal information, including email addresses, can be used for phishing campaigns to obtain further information such as passwords for online accounts or payment details.