15 September,2020 11:52 AM IST | Mumbai | IANS
This image has been used for representational purposes only
Gaming hardware vendor Razer has accidentally exposed personal information of over one lakh gamers that was available for nearly a month for hackers to exploit.
Security researcher Volodymyr Diachenko first discovered that customer data on Razer's website was made publicly available on August 18 because of a server misconfiguration.
Leaked data included full name, email, phone number, customer internal ID, order number, order details, billing and shipping address.
After discovering the misconfiguration online, Diachenko reached out to Razer several times over the span of three weeks before receiving a reply.
ALSO READ
Tamil Nadu govt inks pact with Microchip, Nokia, PayPal during CM’s visit to San Francisco
TN govt inks pact with Microchip, Nokia, PayPal during CM’s visit to San Francisco
TN govt inks pact with Microchip, Nokia, PayPal during CM’s visit to San Francisco
Mumbai couple’s nightmare San Francisco trip
Shooting kills 2 and wounds 2 in Oakland, California
"My message never reached the right people inside the company and was processed by non-technical support managers for more than three weeks until the instance was secured from public access," Diachenko said in a post on LinkedIn.
Razer is a global gaming hardware manufacturing company, esports and financial services provider. In a statement, the company acknowledged the server misconfiguration.
Read: Watch video: Nagpur police shows how to keep personal data safe in phone
"We were made aware by Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information. No other sensitive data such as credit card numbers or passwords was exposed," the company said.
"The server misconfiguration has been fixed on September 9, prior to the lapse being made public," the company added.
However, according to Diachenko, the customer records could be used by criminals to launch targeted phishing attacks wherein the scammer poses as Razer or a related company.
"Customers should be on the lookout for phishing attempts sent to their phone or email address. Malicious emails or messages might encourage victims to click on links to fake login pages or download malware onto their device".
Razer customers could be at risk of fraud and targeted phishing attacks perpetrated by criminals who might have accessed the data, the security researcher warned.
Catch up on all the latest Crime, National, International and Hatke news here. Also download the new mid-day Android and iOS apps to get latest updates.
Mid-Day is now on Telegram. Click here to join our channel (@middayinfomedialtd) and stay updated with the latest news
This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliability and data of the text. Mid-day management/mid-day.com reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever