UPDATED 23:39 EST / SEPTEMBER 10 2020

SECURITY

Customer data from gaming hardware maker Razer found exposed online

More than 100,000 customer records belonging to Razer Inc. have been found exposed online in yet another case of a company failing to secure its online storage.

Discovered and publicized today by security researcher Bob Diachenko, the exposed data included full names, emails, phone numbers, customer internal IDs, order numbers, order details, billing and shipping addresses.

Razer, based in Irvine, California, and Singapore, manufactures high-end gaming-focused hardware ranging from laptops to gaming keyboards and mice, and it’s also being involved in esports and financial services. It competes directly with Micro-Star International Co. Ltd. in the gaming equipment market.

Before going public with the disclosure, Diachenko reached out to Razer with his discovery of the exposed data, but it took three weeks for the company to take the Amazon Web Services Inc. Elasticsearch database down.

As with all exposed databases, the risk is that the data, presuming that it had been accessed by bad actors, can be used for phishing attacks and other forms of malicious activity.

Chris DeRamus, vice president of technology, cloud security practice at security operations company Rapid7 Inc., told SiliconANGLE that breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total.

“If accessed by bad actors, the sensitive information exposed from Razer’s Elasticsearch database is more than enough fodder to launch targeted phishing attacks, engage in account takeover fraud or even make a quick profit by selling the data on the dark web,” DeRamus said.

Anurag Kahol, chief technology officer at cloud access security broker Bitglass Inc., said organizations must take a more proactive and holistic approach to cloud security to identify and remediate misconfiguration. “By implementing multifaceted solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage, organizations can ensure the privacy and security of sensitive information,” he said.

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU