[ad_1]
SINGAPORE – Personal and shipping information, as well as order details for some 100,000 Razer customers around the world, had been in danger of exposure because a server was misconfigured, allowing the public to access data. data.
But his credit card numbers and passwords were safe, Razer said in a statement last Friday (September 11).
The statement from the local gaming hardware firm also said the issue was fixed two days earlier, last Wednesday.
When contacted on Tuesday, a spokesman for Singapore’s Personal Data Protection Commission said it is aware of the incident and is investigating the matter. This agency reports to the Infocomm Media Development Authority.
The data breach was discovered by cybersecurity consultant Volodymyr Diachenko, who wrote on LinkedIn last Thursday that he estimated the total number of affected customers to be around 100,000, based on the number of exposed email addresses.
Razer has not confirmed the figure.
Diachenko said that the server was misconfigured for public access since August 18 and immediately notified the company via its support channel. But his message was processed by non-technical support managers for more than three weeks until the data was protected from public access.
It said the exposed information included full names, emails, phone numbers, internal customer identifications, order numbers, order details, as well as billing and shipping addresses.
In its statement to Mr. Diachenko, Razer said incorrect server settings could expose order details, customer information and shipping.
“The incorrect server configuration was corrected on September 9, before the bug was made public,” he added.
Razer apologized for the bug and said it had taken all necessary steps to fix it, as well as a thorough review of its security and IT systems.
“We remain committed to ensuring digital security and protection for all of our clients,” he added.
Diachenko said criminals could have used customer records to launch targeted phishing attacks in which the scammer posed as Razer or a related company. Customers can also be at risk of fraud.
He urged Razer customers to be on the lookout for phishing attempts sent to his phone or email address.
Last Thursday, the private transport operator Grab was fined $ 10,000 for failing to protect the personal data of its drivers and passengers on its mobile app, the fourth time in two years that it has been found to have violated data protection laws. .
A software update to its ride-sharing app on August 30 last year inadvertently exposed the personal data of 21,541 GrabHitch drivers and passengers to the risk of unauthorized access.
[ad_2]
