Data leak at gaming firm Razer may have exposed 100,000 gamers’ personal information

SINGAPORE — The personal information of an estimated 100,000 customers of gaming hardware maker Razer was leaked online for three weeks, potentially exposing them to scams, though the firm said on Tuesday (Sept 15) that no credit card numbers or passwords were involved.

Security researcher Volodymyr “Bob” Diachenko revealed the leak in a post on networking site LinkedIn last Thursday, after he discovered a server belonging to Razer was misconfigured for public access and indexed by public search engines.

Inside the server were logs containing the full names, email addresses, phone numbers, order details, billing and shipping addresses of the firm’s customers, Mr Diachenko said.

“Based on the number of the emails exposed, I would estimate the total number of affected customers to be around 100,000,” he wrote.

Razer, known for its high-end gaming gear such as laptops and keyboards, has headquarters in both Singapore and California in the United States.

Upon discovering the leak, Mr Diachenko immediately notified Razer through its support channel.

The server had been misconfigured since Aug 18, but it took the company more than three weeks to secure the data breach in the system after his email was bounced around different support representatives, he said.

Mr Diachenko added that during that time, scammers could have accessed the customer records and committed fraud and targeted phishing attacks by, for example, posing as Razer employees and encouraging victims to click on links to fake login pages or download malware onto their devices.

In a statement to TODAY on Tuesday, Razer said that the error had been fixed last Wednesday, before the lapse was made public.

“We were made aware by a security researcher of a server misconfiguration that potentially exposed order details, customer and shipping information,” the firm said. “No sensitive data such as credit card numbers or passwords was exposed.

“We sincerely apologise for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensuring the digital safety and security of all our customers.”

Asked by TODAY about Mr Diachenko’s estimate of 100,000 affected customers, a Razer spokesperson said that she was unable to immediately confirm the figure.

The company said that customers who have questions about the incident may email DPO [at] razer.com.