Razer accidentally exposed data of 100,000+ customers

Shawn Knight

Posts: 14,321   +162
Staff member
Bottom line: A misconfigured server recently exposed personal information from what is estimated to be north of 100,000 Razer customers. Just because no sensitive information was exposed doesn’t mean it couldn’t be damaging. Spammers use sources like this all the time to build up-to-date databases for spam and phishing campaigns.

Independent security researcher Volodymyr "Bob" Diachenko was the first to report on the matter. Diachenko said he immediately reached out to Razer’s support channel but his message never found the right people inside the company. Instead, he said it was processed by non-tech support managers for more than three weeks before being resolved.

Exposed data reportedly included full names, e-mail addresses, phone numbers, order numbers and customer ID numbers as well as shipping and billing addresses. Diachenko said it was part of a large log chunk stored on an Elasticsearch cluster that had been misconfigured since August 18. Worse yet, it was being indexed by public search engines.

Razer in a statement to Diachenko noted that the misconfigured server was fixed on September 9, adding that sensitive data such as passwords or payment card numbers were not exposed.

The Verge said Razer confirmed the issue via e-mail, adding that anyone with concerns could reach out to customer support for more information.

Masthead credit: Sharaf Maksumov



Darth Shiv

Posts: 2,307   +845
I stopped using their products when they forced their users to have an account to use their products and software.
Razer Synapze is junk is what got me off Razer. BSODs, instability, making my keyboard repeat keystrokes. Unusable after years of reporting the exact same issues. Their QA is just legendarily bad like Creative drivers or Intel iGPU division.


Posts: 1,318   +535
This is such a normal thing in the corporate world. Just because your favorite corporation didn't expose their customer data, doesn't mean they are safe. It just means the hackers didn't hit the right machine so far. Also, if something is secure today, that doesn't mean it's still secure tomorrow. Network services are constantly being added and modified. Not always following the best security practices. Not to mention, new employees are constantly being hired. Some of them are hired because they would work for a lower salary, and not because of their expertise.