Tuesday, September 15th 2020
Security researcher Volodymyr Diachenko has discovered a security breach over at hardware peripheral manufacturer Razer. Reportedly, Mr. Volodymyr found a badly configured Elasticsearch cluster filled with over 100,000 data entries of Razer customers. That means that anywhere from customer email, physical address and phone number have been exposed to the public, making this leak potentially dangerous. What is even more dangerous is that the Elasticsearch cluster was not only exposed to the internet, however, it was also indexed by a search engine, making the data more easily searchable and discoverable. This is a pure admin fail, no hacking was required, they just left the front door open. Razer issued an official response to the incident below:Source: Ars Technica
We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed.
The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public.
We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.