The security expert at cyberspace, Bob Diachenko, discovered an Elasticsearch cloud cluster that is not properly configured and Internet a part of Razer infrastructure. The data leaked there are full names, emails, phone numbers, internal customer IDs, order numbers, order details, billing and shipping addresses.
According to Diachenko, the number of affected users is likely to reach 100.000.
The researcher is said to He discovered the exposed database on 18 August and 19 August informed the company of the matter. However, the recovery process was out of order for more than three weeks.
Finally, the database has been removed from the public internet and is no longer accessible to everyone.
There is no way to know if the database was compromised by other, more independent internet surfers, but Diachenko said the information could be used in attacks. social engineering and fraud.
"Customer records could be used by criminals to launch targeted phishing attacks in which the scammer appears as Razer or another related company," he wrote. "Customers should be wary of e-fishing attempts sent by phone or e-mail. "Malicious emails or messages may encourage victims to click on links that lead to fake login pages or download malicious software to their device."
Data leaks are becoming more common among large companies and organizations need to take appropriate measures to avoid such incidents that could damage their relationship with their customers and their reputation.