Gaming hardware manufacturing company Razer accidentally leaked the data of as many as 100,000 customers, according to security researcher Bob Diachenko.
Diachenko said in a report that the company misconfigured one of its Elasticsearch servers, leaving information available to the public and indexed by public search engines since August 18. The information leaked included customers’ full names, emails, phone numbers, and shipping addresses.
It took Razer several weeks to respond to Diachenko, but the company finally responded and said it fixed the misconfiguration on September 9. The company claims that passwords and credit card information weren't involved in the leak.
"We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems," the company told Diachenko. "We remain committed to ensure the digital safety and security of all our customers."
Watch for suspicious emails
Improperly accessed information could be used by scammers to carry out phishing attempts, so Diachenko urges gamers to “be on the lookout for phishing attempts sent to their phone or email address.”
“Malicious emails or messages might encourage victims to click on links to fake login pages or download malware onto their device,” he noted. “Razer customers could be at risk of fraud and targeted phishing attacks perpetrated by criminals who might have accessed the data.”
Razer said customers with any questions about the leak can send a message to DPO@razer.com.