Razer accidentally leaks information of 100,000 user accounts

“No sensitive data… was exposed”, the company says

Singaporean–American gaming technology company Razer has confirmed that information of around 100,000 user accounts were accidentally exposed.

The data leak was first noticed by cyber security consultant Volodymyr Diachenko, who revealed the details in a LinkedIn post last Thursday (September 10). He noted that a Razer server had been “misconfigured for public access” and indexed by search engines from August 18 onwards.

The information logged within the server included full name, email, phone number, customer internal ID, order number, order details, billing and shipping address of around 100,000 users. Diachenko had contacted Razer upon noticing the leak, but claims that “my message never reached [the] right people inside the company” and had been handled by various non-technical staff for over three weeks before the issue was rectified.

Advertisement

Razer
Razer booth. Credit: Razer

Razer has since confirmed the data exposure discovered by Diachenko, but also noted that the problem was fixed prior to it being made public. The tech company also reiterated that “no sensitive data” had been leaked.

“We were made aware by a security researcher of a server misconfiguration that potentially exposed order details, customer and shipping information. No sensitive data such as credit card numbers or passwords was exposed,” Razer said in a press statement. “The server misconfiguration was fixed on the 9th September, prior to the lapse being made public.”

“We sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensuring the digital safety and security of all our customers.”

However, Razer has yet to confirm whether Diachenko’s estimate of 100,000 affected user is accurate. According to TODAY, the company was “unable to immediately confirm the figure”.

Advertisement

In other gaming news, EA has announced plans to completely phase out its Origin brand with the future launch of a renamed desktop launcher called EA Desktop. The overhaul is meant to move the company towards a more “consistent brand”, said Mike Blank, the senior vice president of strategic growth at EA.

Advertisement
Advertisement
Advertisement