Email
Password
Remember meForgot password?
    Log in with Twitter

article imageThousands of Razer customers shipping details exposed Special

By Tim Sandle     Sep 12, 2020 in Technology
It has been revealed that computer gaming company Razer, Inc. enabled thousands of customers' order and shipping details to be exposed on the web without password due to a misconfigured server.
Razer is a Singaporean-American global gaming hardware manufacturing company, e-sports and financial services provider. Razer's products are generally targeted at gamers. The cloud security issue was discovered and posted by security researcher Bob Diachenko.
In failing to secure the server, this exposed Razer data that consisted of the names of its customers, together with personally identifiable information such as emails, phone numbers, and shipping information. The data was held on within an Elasticsearch cluster, misconfigured for public access. This information could be indexed by public search engines. As a result of the quantity of data leaked, the number of affected customers is about 100,000 individuals.
Commenting on the issue for Digital Journal, Chris DeRamus, Vice President of Technology at Rapid7, explains: "Leaving a database publicly accessible, unprotected without even a password, is a preventable yet common cause behind massive data leaks."
The security analyst notes that security issues resulting from cloud misconfigurations have exposed nearly 33.4 billion records during the pat two years (drawing on Divvy Cloud data).
In terms of the wider implications of this particular cyber-incident, DeRamus says: "If accessed by bad actors, the sensitive information exposed from Razer’s Elasticsearch database is more than enough to launch targeted phishing attacks" (when an attacker, masquerading as a trusted entity, dupes a victim into opening an email).
Going forwards, DeRamus recommends: "To avoid cloud misconfigurations, companies need to move towards a new model of security that provides continuous controls and enforces secure configurations of cloud services." This means proactive rather than reactive strategies.
In addition, he explains: "Organizations need a security solution that provides the automation essential to enforce policy, reduce risk, provide governance, impose compliance, and increase security across a hybrid cloud infrastructure."
DeRamus sees security automation as the mechanism by which businesses can keep agile and innovative whilst also ensuring data integrity.
More about razer, Cybersecurity, Shipping
 
Latest News
Top News