Private data gone public: Razer leaks 100,000+ gamers’ personal info

This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop.

Magnify / This redacted pattern report from the leaked Elasticsearch information displays anyone’s June 24 acquire of a $2,600 gaming pc. (credit score: Volodymyr Dianchenko)

In August, safety researcher Volodymyr Diachenko found out a misconfigured Elasticsearch cluster, owned through gaming hardware seller Razer, exposing shoppers’ PII (Non-public Identifiable Knowledge).

The cluster contained data of purchaser orders and integrated data equivalent to merchandise bought, buyer electronic mail, buyer (bodily) deal with, telephone quantity, and so on—principally, the entirety you’ll be expecting to peer from a bank card transaction, even though now not the bank card numbers themselves. The Elasticseach cluster was once now not best uncovered to the general public, it was once listed through public search engines like google and yahoo.

Diachenko reported the misconfigured cluster—which contained more or less 100,000 customers’ information—to Razer in an instant, however the file bounced from enhance rep to enhance rep for over 3 weeks earlier than being fastened.

Learn 12 last paragraphs | Feedback

Leave a Reply

Your email address will not be published. Required fields are marked *