Expert Commentary: Razer Gaming Fans Caught Up in Data Leak From Misconfigured Elasticsearch

By ISBuzz Team
Writer, Information Security Buzz | Sep 14, 2020 01:46 am PST

A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud. Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a segment of Razer’s infrastructure to the public internet, for anyone to see.


Trevor Morgan, Product Manager
September 14, 2020 11:13 am

Managing and securing customer data is no game – the breach at Razer is another testament that privacy requires organizations to take data security seriously and move beyond reinforcing perimeter and access controls. This is not to say that they need to neglect perimeter security. However, no matter how much effort and investment are poured into securing the borders of their data environment, sensitive data inevitably will wind up in the wrong hands—either through intentional intrusion and theft, unintentional distribution, or pure lack of oversight.

Data-centric security addresses the need for security to travel with the data it protects (rather than merely securing the boundaries around that data). Standard encryption-based security is one way to do this, but encryption methods come with sometimes-complicated administrative overhead to manage keys. Also, many encryption algorithms can be easily cracked. Tokenization, on the other hand, is a data-centric security method that replaces sensitive information with innocuous representational tokens. This means that, even if the data falls into the wrong hands, no clear meaning can be derived from the tokens. Sensitive information remains protected, resulting in the inability of threat actors to monopolise on the breach and data theft.

Had this highly sensitive personal data been tokenized in the Razer environment, none of it would have had the potential to compromise individual users. This type of preventative helps keep organisations within compliance regulations and helps to avoid other liability-based repercussions.
