Razer leaked personal information for thousands of customers
Oh no
Razer, the hardware company known for keyboards and mice lit up like Borg Cubes, have accidentally exposed personal information for an estimated 100,000 customers. Names, phone numbers, e-mail addresses, billing addresses, shipping addresses, and details on what people bought were all leaked, in a way that even search engines picked up. That's bad. Credit card numbers and account passwords were thankfully kept safe, but the information that did leak can still be used for a lot of harm.
Cybersecurity consultant Volodymyr "Bob" Diachenko revealed the leak last week. He explained that a misconfigured system meant records of many orders were openly available online from the 18th of August, and was even picked up by public search engines. He estimated that it affected around 100,000 customers. That is a lot of information for a lot of people.
"The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public," Razer said in a statement to Diachenko, the day after his post.
"We would like to thank you, sincerely apologise for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers."
If you've bought anything from Razer, you should be especially vigilant with your security now. Names, addresses, phone numbers, and such can be a huge problem for everything from harrassment to phishing and fraud. Sure, your credit card number is safe, but that's not a huge amount of consolation.
"The customer records could be used by criminals to launch targeted phishing attacks wherein the scammer poses as Razer or a related company," Diachenko advised. "Customers should be on the lookout for phishing attempts sent to their phone or email address. Malicious emails or messages might encourage victims to click on links to fake login pages or download malware onto their device."
Razer make some great hardware but sheesh. The fact that they make luxury goods might even make their customers bigger targets. Ars Technica say Razer told them concerned customers can send questions to DPO@razer.com. That's the same e-mail address their privacy policy says users should contact to get help lodging a complaint with authorities "if they consider that our processing of their personal information infringes the applicable data protection laws." Maybe you want that help?
I'm mostly horrified by the possibility that a stranger might tell my mum I spent $69,420 on gamer gum.