Gaming hardware vendor Razer inadvertently exposed more than 100,000 gamers' personal information for almost a month, says a new report. An Elasticsearch server misconfiguration that exposed Razer's customers' data on its website caught the attention of security researcher Volodymyr Diachenko, who discovered the issue last August. After making headlines in various tech and gaming sites, Razer finally issues a response to address the problem.
The data leak in question exposed Razer's customers Personal Identifiable Information (PII), according to the security researcher. The cluster comes with records of customer orders containing information like item purchased, customer email, customer phone number, physical address, and more. In short, the usual information one would give out in a credit card transaction.
To make matters worse, the Elasticsearch cluster is not only exposed to the public but also indexed by public search engines. Diachenko discovered this on August 28 and immediately reported his findings to the gaming hardware vendor Razer. However, the security researcher found Razer's response as sluggish, as his message allegedly failed to get into the hands of the right people.
Diachenko's report was reportedly handled by non-tech representatives who passed the issue around for more than three weeks before a resolution was reached. Both LinkedIn and Twitter users aware of the issue expressed their disappointment with the gaming hardware vendor. Some of them also shared their unfortunate run-ins with Razer's customer service, which failed to offer solutions to their issues.
I must say I really enjoyed my conversations with different reps of @Razer support team via email for the last couple of week, but it did not bring us closer to securing the data breach in their systems. pic.twitter.com/Z6YZ5wvejl — Bob Diachenko (@MayhemDayOne) September 1, 2020
After multiple times contacting the gaming hardware vendor, Razer finally resolved the issue on September 9. In a response, Razer thanked Diachenko and apologized for the lapse. It also assured the security researcher that it had taken all necessary steps to address the issue. Razer shared in its response to Diachenko that it conducted a thorough review of its IT security and systems. "We remain committed to ensure the digital safety and security of all our customers," the company added. If malicious individuals or groups gained access to Razer's leaked information, they could utilize the emails to execute phishing attempts.
Sadly, as an individual, it is hard to know if the vendor you purchased something in the past can protect your information. If you are one of Razer customers and are worried about the recent data leak, you can reach out to the company by sending it an email to the address DPO@razer.com. The gaming hardware vendor's delayed response to the reported data leak will paint a negative perception in the mind of customers and prospective buyers. It could also create doubts in the consumers' minds on the company's ability to protect customers' data.
The Razer Blade Stealth 13 is the perfect tool for gaming and productivity. Our Ultrabook packs a powerful punch with its 10th gen @Intel Core i7, GeForce GTX 1650 Ti, and 120Hz Full HD display. Create impactful content and play games anywhere you go. https://t.co/HKM6jndfPX pic.twitter.com/9zK6KNBxL9 — R Λ Z Ξ R (@Razer) September 15, 2020
Unfortunately, Razer's delayed response to the situation will likely damage faith in the company's ability to protect personal data as much as it will impact recent customers. Hopefully, the negative response to this recent leak will motivate Razer to take preventative measures in order to reduce the risk of a repeat offense.
