Gaming
Razer exposed over 100K customers' info thanks to a misconfigured server
The company took more than three weeks to resolve the issue.
Razer, the popular maker of gaming hardware, accidentally exposed more than 100,000 customers who recently purchased products from the company. Security researcher Bob Diachenko discovered that it misconfigured and made publicly-accessible a server that held customer names, emails, phone numbers, and shipping addresses. Passwords and credit card numbers are apparently safe, but the data that was exposed could be used for phishing attempts.
And I oop — What's most worrying is that Razer took more than three weeks to respond to Diachenko's August 18th inquiry and close up the security hole on September 9th. There's no evidence the data was ever accessed and used improperly, however.
Of course, so long as credit card details weren't obtained, it isn't the most damaging breach in the world. But nefarious actors could use the stolen information and pretend to be a representative from Razer or another company, tricking you into handing over further sensitive information. Phishing is actually the most common way to gain unauthorized access to information rather than any technical breach employing software hacks.
Protect yourself — Sadly online it's hard to completely protect yourself from such breaches because you're relying on companies to have proper data hygiene, which they clearly don't always display. And so long as they report breaches in a timely fashion they're typically free from punishment.
If you bought something from Razer recently, just be careful and don't hand over sensitive information to anyone if you're unsure. If the company attempts to reach out you about an order, search online and call an official customer service number to verify the communication is legit. Don't click suspicious links, etc.