As reported by The Verge, Razer apparently had a data leak for about a month: telephone numbers, e-mail addresses and addresses of the company’s customers were openly accessible. Razer has since fixed the leak.
The data leak was discovered by Volodymyr Diachenko. Due to a faulty configuration of a server, data that had to be provided in the context of orders was openly accessible from August 18. More than 100,000 people are said to have been affected by the breakdown. Except for payment information, all information about order transactions was apparently openly accessible.
The problem has now been solved
Diachenko turned to Razer after discovering the vulnerability. According to his own statements, he had to write several emails in a period of three weeks to receive a response from the company. In the reply Diachenko finally received, Razer admitted the server configuration error and announced that the error was fixed on September 9. Razer also informed The Verge about the problem and offers customers who placed an order during the period in question and now have questions to contact the company at the e-mail address DPO@razer.com. In this way, further information will be made available.
Sensitive data such as credit card numbers or similar payment information has not been published; however, the server error is questionable in terms of data protection. The address and ordering information that has now been published also offers sufficient scope for phishing attacks, for example.