Tuesday, September 15th 2020

Razer Leaks Personal Information of Over 100,000 Gamers

Security researcher Volodymyr Diachenko has discovered a security breach at hardware peripheral manufacturer Razer. Reportedly, Mr. Volodymyr found a badly configured Elasticsearch cluster holding over 100,000 data entries of Razer customers. That means customer details such as email address, physical address and phone number have been exposed to the public, making this leak potentially dangerous. What is even more dangerous is that the Elasticsearch cluster was not only exposed to the internet but also indexed by a search engine, making the data more easily searchable and discoverable. This is a pure admin fail: no hacking was required, they just left the front door open. Razer issued an official response to the incident below:
Razer
We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.
The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.
Above you can see an example of indexed customer information. Razer has also said that concerned customers can reach out to the DPO@razer.com email address and get help from Razer's employees.
Source: Ars Technica

19 Comments on Razer Leaks Personal Information of Over 100,000 Gamers

#1
PooPipeBoy
Yeah I'd be pretty pissed if my contact details were in there. I had my mobile number leak into the wrong hands about five years ago and telemarketers were calling my mobile number twice a week for over a year. That seriously grates on your nerves when there's no way to stop it unless you get a new number. Mobile and email are just as sensitive as credit card details.
#2
my_name_is_earl
US govt require company to keep and maintain customer's data. Sound really good now don't it? /sar
#3
Vayra86
WELL PLAYED. Keep at it people. Keep using login peripherals. Go go! It's totally not an issue whatsoever.

If you are an EU citizen... immediately file an official GDPR complaint. Nail those fuckers down. It's time to start defending your personal data no matter who keeps it for you.
#4
freeagent
There won’t be consequences because no fucks are given. Misconfigured server? Really?? What kind of fisher price operation do they have over there? You get what you pay for..
#5
AsRock
TPU addict
freeagent
There won’t be consequences because no fucks are given. Misconfigured server? Really?? What kind of fisher price operation do they have over there? You get what you pay for..
Razer are pretty expensive so you're not actually getting what you paid for.
#6
Assimilator
Vayra86
WELL PLAYED. Keep at it people. Keep using login peripherals. Go go! It's totally not an issue whatsoever.

If you are an EU citizen... immediately file an official GDPR complaint. Nail those fuckers down. It's time to start defending your personal data no matter who keeps it for you.
This, absolutely this.

Unless companies are hit in the only place that matters to them (bank balance), they will never fix their shit. "Misconfigured server" is simply lawyer-speak for "didn't bother to do due diligence".
#7
bonehead123
This only serves to take my dislike of Razer to a new level....

shit products made by a shit-4-brains company that has shit-4-brains people working in their data centers...
#8
Tinchouru1
Whenever there would be the application, I would open the microphone when I don't have Razer headphone peripherals, it always seemed strange to me
#9
Bjorn_Of_Iceland
Main reason why I do not give away real information nor use my actual email whenever I register in these kind of establishments :'D.
#10
yotano211
I use a junk email for anything like this but I don't sign up for everything that tells me to.
#11
moproblems99
Bjorn_Of_Iceland
Main reason why I do not give away real information nor use my actual email whenever I register in these kind of establishments :'D.
yotano211
I use a junk email for anything like this but I don't sign up for everything that tells me to.
You guys use junk emails when you place orders? That's rage.
#12
bug
Vayra86
WELL PLAYED. Keep at it people. Keep using login peripherals. Go go! It's totally not an issue whatsoever.

If you are an EU citizen... immediately file an official GDPR complaint. Nail those fuckers down. It's time to start defending your personal data no matter who keeps it for you.
Amen to that.
I've always said login peripherals is just dumb. Only to be greeted with "it's not so bad" or "but the software is nice". I went with a mouse and keyboard that have on-board memory instead, so that after you configure them you can forget about custom software altogether.
#13
Hatrix
you have to use Razer software in order to turn on the pretty lights to your liking :slap:
#14
Vayra86
bug
Amen to that.
I've always said login peripherals is just dumb. Only to be greeted with "it's not so bad" or "but the software is nice". I went with a mouse and keyboard that have on-board memory instead, so that after you configure them you can forget about custom software altogether.
Sleeping under a bridge isn't so bad either, would be my reply to that lol. It's the same as the 'I have nothing to hide' crowd. Stupidity at its finest, there are no other words for it. Or just a brutal lack of experience.
#15
InhaleOblivion
*Looks at current hardware*. Yep nothing to see here. Left this company alone eons ago. Incidents like this remind me why.
#16
remixedcat
well shit.. was about to go with them for their linux compatibility to bind hotkeys but immma nope outta dis...

Not gonna get cut by this razer.. I got claws!!!
#17
kn00tcn
Vayra86
WELL PLAYED. Keep at it people. Keep using login peripherals. Go go! It's totally not an issue whatsoever.

If you are an EU citizen... immediately file an official GDPR complaint. Nail those fuckers down. It's time to start defending your personal data no matter who keeps it for you.
it's time to start reading what was leaked, which appears to be customer ORDERS for all of their products (including laptops, etc), who cares about a throwaway email login that has no info... those are some strong words that better have been said to nvidia & microsoft as they aggressively pushed for the same thing in the past
remixedcat
well shit.. was about to go with them for their linux compatibility to bind hotkeys but immma nope outta dis...

Not gonna get cut by this razer.. I got claws!!!
what's it matter if you buy from a third party store & use linux? most companies have had leaks like this
#18
Vayra86
kn00tcn
it's time to start reading what was leaked, which appears to be customer ORDERS for all of their products (including laptops, etc), who cares about a throwaway email login that has no info... those are some strong words that better have been said to nvidia & microsoft as they aggressively pushed for the same thing in the past


what's it matter if you buy from a third party store & use linux? most companies have had leaks like this
If you are bringing counter points to everything I say maybe you ought to start thinking clearly. My reading is fine thx. The article specifically states personal information. Registered products can and have been linked to personal data because Razer has an ecosystem to make people do that. NONE of the companies I buy gear from require this of me nor do they have that same sort of info provided with my purchase.

WTF are you even on about?!
And yes, mandatory login for Nvidia et al is just as bad, I don't recall ever saying otherwise? Small difference though, neither MS or Nvidia have had data leaks like this. And they do this a whole lot longer especially MS.

Find someone else to bother with your naivety
#19
micropage7
AsRock
Razer are pretty expensive so you're not actually getting what you paid for.
they pay for the brand only, security not included :roll::roll:
and yeah i always try something that need login especially when related to personal data since if they make a little fault there it will be a big problem