A Razer leak reportedly revealed information for over 100,000 customers

A leak that took several weeks to repair.

by
https://www.windowscentral.com/sites/wpcentral.com/files/styles/larger_wm_brb/public/field/image/2020/09/razer-blade-pro-17-2020-15.jpg
Source: Daniel Rubino / Windows Central

What you need to know

Razer is a gaming-focused company that constantly accrues high critical acclaim for its gaming laptops like the Razer Blade Pro 17 and accessories like the Razer Naga Pro mouse, and has developed quite a brand identity for itself. However, a recent report throws some shade over the company's reputation by revealing that a leak inside Razer revealed personal information for an estimated 100,000 customers. The leak revealed full names, emails, phone numbers, customer internal ID's, order numbers, order details, and billing and shipping addresses.

According to the report, the leak from a log chunk stored on their Elasticsearch cluster, which was misconfigured to allow public access. Because of this, public search engines indexed the information and it was all available to the public. However, the most egregious facet of this leak is how early this all began: August 18, 2020. The person behind the report immediately notified Razer of the leak, but was relegated to non-technical support managers for three weeks before Razer finally responded to the leak.

The report contains the following comment from Razer:

We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed. The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public. We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.

The leak has since been resolved, according to Razer, as of September 9, 2020, meaning customer information was out in the open for just over three weeks. While credit card information and passwords weren't exposed, this is still a lot of information that could've been accessed by anyone. It's not clear what steps Razer is taking to help affected customers and prevent this from happening again, but hopefully Razer will reach out to anyone who may have been exposed by the leak.