Razer Left Around 100,000 Customer’s Details Just Hanging Around On The Internet

2
Razer Left Around 100,000 Customer’s Details Just Hanging Around On The Internet
Image: Razer

Being as popular as they are, peripheral specialists Razer have a lot of people’s personal details! And for a few weeks, thanks to a “misconfigured Elasticsearch cluster”, those details — including home addresses — were kinda sitting around in the open, not even protected by a password.

As Ars Technica report, the cluster was found last month by security researcher Volodymyr Diachenko, and meant that not only were details like emails, home addresses and phone numbers publicly available, but they were even being indexed by search engines.

Diachenko reported the cluster to Razer, but his emails were “processed by non-technical support managers for more than 3 weeks until the instance was secured from public access.”

Having discovered the details on August 18, Razer fixed it on September 9, and sent Diachenko — who wrote about the cluster on his…Linkedin page — a statement:

We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed. The server misconfiguration has been fixed on 9 Sept, prior to the lapse being made public. We would like to thank you, sincerely apologise for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers.

While the nature of the cluster meant it was difficult to get an exact number of affected accounts, Diachenko estimated it would be “around 100K” based on the email addresses.

Comments

  • Three weeks!? That’s disgraceful! I don’t care how “non-technical” the support staff were, “you’re leaking customer PII” should have made it from someone’s desk to a senior/team lead within minutes of being read.

  • Razer really are the worst company. I bought a $2,400 Blade Stealth laptop that died after about 2 years. They repaired it under warranty but then it started to make loud fan rubbing noises some months later. I sent it in again and they identified that damage had been caused during the last repair, but because I didn’t notice the damage within 90 days I have to pay for the new repairs to fix the damage the razer engineers did.

    During this same timeframe my wife had an issue with her Macbook pro which Apple fixed without question within a matter of days.

    I’ve had to resort to going through the ACCC now and probably ultimately small claims tribunal as they’re refusing to accept responsibility.

    I warn anyone considering purchasing a new laptop to steer clear of Razer as my experience and learning from the experience of other Razer customers is that they overcharge, have poor quality control and then refuse to take any responsibility to the point of disregarding consumer rights.

Show more comments

Log in to comment on this story!