BreachExchange mailing list archives
Customer data from gaming hardware maker Razer found exposed online
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 14 Sep 2020 09:15:51 -0500
https://siliconangle.com/2020/09/10/customer-data-gaming-hardware-maker-razer-found-exposed-online/ More than 100,000 customer records belonging to Razer Inc. have been found exposed online in yet another case of a company failing to secure its online storage. Discovered and publicized today by security researcher Bob Diachenko, the exposed data included full names, emails, phone numbers, customer internal IDs, order numbers, order details, billing and shipping addresses. Razer, based in Irvine, California, and Singapore, manufactures high-end gaming-focused hardware ranging from laptops to gaming keyboards and mice, and it’s also being involved in esports and financial services. It competes directly with Micro-Star International Co. Ltd. in the gaming equipment market. Before going public with the disclosure, Diachenko reached out to Razer with his discovery of the exposed data, but it took three weeks for the company to take the Amazon Web Services Inc. Elasticsearch database down. As with all exposed databases, the risk is that the data, presuming that it had been accessed by bad actors, can be used for phishing attacks and other forms of malicious activity. Chris DeRamus, vice president of technology, cloud security practice at security operations company Rapid7 Inc., told SiliconANGLE that breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total. “If accessed by bad actors, the sensitive information exposed from Razer’s Elasticsearch database is more than enough fodder to launch targeted phishing attacks, engage in account takeover fraud or even make a quick profit by selling the data on the dark web,” DeRamus said. Anurag Kahol, chief technology officer at cloud access security broker Bitglass Inc., said organizations must take a more proactive and holistic approach to cloud security to identify and remediate misconfiguration. “By implementing multifaceted solutions that enforce real-time access control, detect misconfigurations through cloud security posture management, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage, organizations can ensure the privacy and security of sensitive information,” he said. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Customer data from gaming hardware maker Razer found exposed online Destry Winant (Sep 14)