UPDATED 23:39 EST / SEPTEMBER 10 2020

SECURITY

Customer data from gaming hardware maker Razer found exposed online

More than 100,000 customer records belonging to Razer Inc. have been found exposed online in yet another case of a company failing to secure its online storage.

Discovered and publicized today by security researcher Bob Diachenko, the exposed data included full names, emails, phone numbers, customer internal IDs, order numbers, order details, billing and shipping addresses.

Razer, based in Irvine, California, and Singapore, manufactures high-end gaming-focused hardware ranging from laptops to gaming keyboards and mice, and it’s also being involved in esports and financial services. It competes directly with Micro-Star International Co. Ltd. in the gaming equipment market.

Before going public with the disclosure, Diachenko reached out to Razer with his discovery of the exposed data, but it took three weeks for the company to take the Amazon Web Services Inc. Elasticsearch database down.

As with all exposed databases, the risk is that the data, presuming that it had been accessed by bad actors, can be used for phishing attacks and other forms of malicious activity.

Chris DeRamus, vice president of technology, cloud security practice at security operations company Rapid7 Inc., told SiliconANGLE that breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total.

“If accessed by bad actors, the sensitive information exposed from Razer’s Elasticsearch database is more than enough fodder to launch targeted phishing attacks, engage in account takeover fraud or even make a quick profit by selling the data on the dark web,” DeRamus said.

Anurag Kahol, chief technology officer at cloud access security broker Bitglass Inc., said organizations must take a more proactive and holistic approach to cloud security to identify and remediate misconfiguration. “By implementing multifaceted solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage, organizations can ensure the privacy and security of sensitive information,” he said.

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.