Data breach of potentially 100,000 Razer customers worldwide

SINGAPORE (The Straits Times/ANN): The personal and shipping information as well as order details of about 100,000 Razer customers around the world had been in danger of being exposed because a server was misconfigured, allowing the public to have access to the data.

But their credit card numbers and passwords were safe, Razer said in a statement last Friday (Sept 11).

The statement by the home-grown gaming hardware firm also said the problem was fixed two days earlier, last Wednesday.

When contacted on Tuesday, a spokesman for Singapore's Personal Data Protection Commission said it is aware of the incident and is looking into the matter. This agency comes under the Infocomm Media Development Authority.

The data breach was discovered by cyber-security consultant Volodymyr Diachenko, who wrote last Thursday on LinkedIn that he estimated the total number of affected customers to be around 100,000, based on the number of e-mail addresses exposed.

Razer has not confirmed the figure.

Diachenko said the server was misconfigured for public access since Aug 18 and he immediately notified the company via their support channel. But his message was processed by non-technical support managers for more than three weeks until the data was secured from public access.

He said exposed information included full names, e-mails, phone numbers, customer internal IDs, order numbers, order details, as well as billing and shipping addresses.

In its statement to Diachenko, Razer said the server misconfiguration potentially exposed order details, customer and shipping information.

"The server misconfiguration has been fixed on Sept 9, prior to the lapse being made public," it added.

Razer apologised for the lapse and said it had taken all necessary steps to fix it as well as do a thorough review of its IT security and systems.

"We remain committed to ensure the digital safety and security of all our customers," it added.

Diachenko said customer records could have been used by criminals to launch targeted phishing attacks in which the scammer posed as Razer or a related company. Customers could also be at risk of fraud.

He urged Razer's customers to be on the lookout for phishing attempts sent to their phone or e-mail address.

Last Thursday, ride-hailing operator Grab was fined $10,000 for failing to secure its drivers' and passengers' personal details on its mobile app, the fourth time in two years that it has been found to have breached data protection laws.

A software update to its ride-hailing app on Aug 30 last year inadvertently exposed the personal data of 21,541 GrabHitch drivers and passengers to the risk of unauthorised access. - The Straits Times/Asia News Network

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Singapore , Razer , data breach


Next In Aseanplus News

South Korea may lift indoor mask mandate in January
Bomb dropped on Myanmar monastery using drone
World Bank says Cambodia's economy recovering well in post-pandemic era
59 couples exchange marital vows in Philippine mass wedding
New global platform to enhance transparency of carbon markets rolled out in S’pore
Cambodian justice ministry responds to social media outrage in drunken driver case
Vietnam shifts gears on arms trade as it loosens ties with Russia
‘Laos will not slide into default’, PM assures National Assembly
Thai cement producers urged to eye Philippines as tax on imports end
Johor lawmaker urges state to redraw maritime border with Singapore

Others Also Read