What you need to know
- Razer is an influential gaming PC and accessory company that has made its name for their quality and design.
- According to a new report, a leak revealed the information of possibly more than 100,000 customers as early as August 18, 2020.
- The leak revealed names, phone numbers, emails, addresses, and order information, although supposedly no credit card information or passwords.
- The leak was resolved on September 9, over three weeks after the leak was discovered.
Razer is a gaming-focused company that constantly accrues high critical acclaim for its gaming laptops like the Razer Blade Pro 17 and accessories like the Razer Naga Pro mouse, and has developed quite a brand identity for itself. However, a recent report (opens in new tab) throws some shade over the company's reputation by revealing that a leak inside Razer revealed personal information for an estimated 100,000 customers. The leak revealed full names, emails, phone numbers, customer internal ID's, order numbers, order details, and billing and shipping addresses.
According to the report, the leak from a log chunk stored on their Elasticsearch cluster, which was misconfigured to allow public access. Because of this, public search engines indexed the information and it was all available to the public. However, the most egregious facet of this leak is how early this all began: August 18, 2020. The person behind the report immediately notified Razer of the leak, but was relegated to non-technical support managers for three weeks before Razer finally responded to the leak.
The report contains the following comment from Razer:
The leak has since been resolved, according to Razer, as of September 9, 2020, meaning customer information was out in the open for just over three weeks. While credit card information and passwords weren't exposed, this is still a lot of information that could've been accessed by anyone. It's not clear what steps Razer is taking to help affected customers and prevent this from happening again, but hopefully Razer will reach out to anyone who may have been exposed by the leak.
Windows Central Newsletter
Get the best of Windows Central in in your inbox, every day!
Zachary Boddy (They / Them) is a Staff Writer for Windows Central, primarily focused on covering the latest news in tech and gaming, the best Xbox and PC games, and the most interesting Windows and Xbox hardware. They have been gaming and writing for most of their life starting with the original Xbox, and started out as a freelancer for Windows Central and its sister sites in 2019. Now a full-fledged Staff Writer, Zachary has expanded from only writing about all things Minecraft to covering practically everything on which Windows Central is an expert, especially when it comes to Microsoft. You can find Zachary on Twitter @BoddyZachary.
The key issues here doesn't seem to be adressed by their statement:
- They did not asure procedures were changed, so you would not hit the support loop when reporting security risks later on. - They also did not make it clear why they were storing valuable information (for hackers) unencrypted
- - And they did not promise to change this questionable practice.
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.