Gaming firm Razer confirmed this week that the personal information of more than 100 000 customers including addresses and phone numbers were exposed in a data breach.
Razer data breach: What you need to know
Personal information leaked
A security researcher, Volodymyr Diachenko, reported that Razer customers’ addresses, phone numbers, order details and other shipping information were compromised in a recent data breach. He explained:
“The exact number of affected customers is yet to be assessed as originally it was part of a large log chunk stored on a company’s Elasticsearch cluster misconfigured for public access since 18 August 2020 and indexed by public search engines”.
Based on the number of emails exposed, Diachenko estimated the number of affected customers “to be around 100 000”. He said no credit card numbers or passwords were exposed.
Razer has since issued an apology for the “lapse”. The firm has taken “all necessary steps to fix the issue as well as to conduct a thorough review of [their] IT security and systems”.
“We were made aware by a security researcher of a server misconfiguration that potentially exposed order details, customer, and shipping information. No sensitive data such as credit card numbers or passwords was exposed”.
Delay in solving the data breach
According to Diachenko, it took Razer more than three weeks to respond when he tried to bring the data breach to their attention. He reached out several times before receiving a reply.
Razer responded eventually to acknowledge the breach and confirmed to The Verge that the “misconfiguration had been fixed on 9 September, prior to the lapse being made public”.
Razer said they “remain committed to ensuring the digital safety and security of all [their] customers”. Taylor Lyles reports that questions about the data breach can be sent to DPO@razer.com.
Also read WhatsApp warning: Beware of dangerous messages containing crash codes
How to safeguard your information after a data breach
Even though the data breach at Razer includes no sensitive information, Diachenko warns that the compromised data could still be used in future phishing attacks. In order to prevent falling victim, Diachenko suggests:
“Customers should be on the lookout for phishing attempts sent to their phone or email address. Malicious emails or messages might encourage victims to click on links to fake login pages or download malware onto their device”.
When falling victim to an entertainment data breach such as a data leak at a video game developer or event ticketing services the first step is to confirm whether your information was compromised.
This can be done by contacting the breached company to confirm the sensitivity of the stolen data and enquiring how they would assist in resolving the matter. It’s also important to change your credentials immediately after the breach.
If the site offers two-factor authentication, activate it. I’ve personally been the victim of a PSN hack and I cannot stress enough how important it is to have two-factor authentication activated.
Lastly, Norton Security says it’s best to stay proactive after a data breach and monitor your accounts for suspicious activity.