Thousands Of Razer Customers Order And Shipping Details Exposed On The Web Without Password

Security researchers today revealed that Razer, Inc., a global gaming hardware manufacturing company, e-sports and financial services provider, left thousands of customers’ order and shipping details exposed on the web without password via a misconfigured server. The exposed information includes full name, email, phone number, customer internal ID, order number, order details, billing and shipping address. The exact number of affected customers is yet to be assessed as originally it was part of a large log stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines. Based on the number of the emails exposed, researchers estimate the total number of affected customers to be around 100K.


EXPERTS COMMENTS
Chris DeRamus , VP of Technology Cloud Security Practice,  Rapid7
September 11, 2020
Automation takes the headache out of making cloud infrastructure secure in a shared responsibility world.
Leaving a database publicly accessible, unprotected without even a password, is a preventable yet common cause behind massive data leaks. In fact, breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total. If accessed by bad actors, the sensitive information exposed from Razer’s Elasticsearch database is more than enough fodder to launch targeted ph ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article