Hong Kong-listed gaming company Razer exposed personal details of approximately 100,000 customers, according to a report by cybersecurity consultant Volodymyr Diachenko.
Diachenko found that Razer misconfigured one of its Elasticsearch servers, accidentally compromising customers’ private information since August 18. The information was also indexed by public search engines. Full names, emails, phone numbers, customer internal IDs, order numbers, order details, billing, and shipping addresses became visible to the public.
Diachenko reached out to Razer to inform the company of the leak, but only received a reply after three weeks. Razer acknowledged the lapse and resolved the issue on September 9, according to a statement from the firm.
Although credit card information and passwords were not compromised, the leaked details could be used to launch phishing attacks, in which scammers send malicious emails to customers that include malware or fake login pages.
Razer was founded in 2005 as a gaming hardware company. The company has since expanded into other verticals, such as mobile payments and wealth management, and is headquartered in both Singapore and Irvine, California. Razer currently has 100 million users worldwide, according to chief executive officer Tan Min-Liang in an exclusive interview with KrASIA.