A server misconfiguration has resulted in the Internet being exposed to data affecting thousands of Razer customers.
A Singaporean-American computer hardware, applications, and technology maker, Razer also offers its customers e-sports and financial services.
Security researcher Bob Diachenko discusses the newly found misconfigured server, which held order and delivery information for thousands of Razer ‘s clients.
The revealed knowledge, he states, was originally “part of a large log chunk stored on the Elasticsearch database in a business.” On August 18, the list, which had already been indexed by search engines, was made publicly available.
Information on the revealed customer includes names, email addresses , phone numbers, internal customer IDs, order numbers and information, and addresses for billing and delivery. That could have affected tens of thousands of Razer customers.
“Based on the amount of emails released, I will put the overall number of customers impacted at about 100 K,” says Diachenko.
While the security researcher intended to alert Razer via their help system, it took three weeks to actually resolve the vulnerability.
“My message never reached the right people within the organisation and was handled for more than 3 weeks by non-technical support managers before public access protected the case,” Diachenko reveals.
They contacted Razer via email to ask about the official status of the organisation on the incident, but did not hear back until it was released. We will change the article as soon as a reply comes in.