The latest data breach to make headlines is that of SCUF Gaming, which has left the records of over one million customers exposed online. Its database contained the names and contact information of people who have bought products from the company. This was in addition to other potentially identifying data.
Founded in 2010, SCUF Gaming International is owned by American computer hardware company Corsair Components. Corsair offers different kinds of computer accessories, including wireless drives, keyboards, headsets, and flash drives. SCUF, meanwhile, only specializes in consoles by providing third-party controllers to PlayStation and Xbox owners. Customers can personalize their controllers before buying from the SCUF Gaming website.
The data breach was discovered by Comparitech security researcher Bob Diachenko, who quickly informed SCUF Gaming that its customer database had been exposed for "about two days." It's been confirmed that a ransom note was found requesting payment in Bitcoin.
SCUF Gaming quickly investigated the matter once notified and went on to secure its database. Comparitech reassured the company that the data was intact and that it was exposed long enough for threat actors to download any information. SCUF informed its customers of the data breach on April 10, promising them that no critical information had been stolen.
In a statement regarding the incident, SCUF Gaming stated the ransom note is said to have been placed there by a bot. "We have no evidence that either the bot or any other actor was able to misappropriate customer data," SCUF Gaming said.
What's unknown, however, is if the hackers had accessed the data or recorded it by an alternative method. With the records, an outside party could boost their malicious attacks by posing as SCUF Gaming. But the fact that SCUF notified its customers about the data exposure is admirable, but it goes without saying that it should make changes to its security protocols and ensure that all of its customers are safe while buying from its website.
Luckily, the compromised database didn't have the full credit card information of SCUF's customers, and user logins are also safe. It didn't have customers' billing and shipping addresses either.
It's common for online stores to have a copy of their customers' information. This is for the convenience of both the seller and the buyer, and to make advertisements easier to pull off as well. It's a good thing online stores only show the last few digits of people's credit card number. Otherwise, attacks would be more damaging than it already is.
