Security researchers today revealed that Razer, Inc., a global gaming hardware manufacturing company, e-sports and financial services provider, left thousands of customers’ order and shipping details exposed on the web without password via a misconfigured server. The exposed information includes full name, email, phone number, customer internal ID, order number, order details, billing and shipping address. The exact number of affected customers is yet to be assessed as originally it was part of a large log stored on a company’s Elasticsearch cluster misconfigured for public access since August 18th, 2020 and indexed by public search engines. Based on the number of the emails exposed, researchers estimate the total number of affected customers to be around 100K.
Experts Comments
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Chris DeRamus, VP of Technology Cloud Security Practice, provides expert commentary at @Information Security Buzz.
"Automation takes the headache out of making cloud infrastructure secure in a shared responsibility world...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/thousands-of-razer-customers-order-and-shipping-details-exposed-on-the-web-without-password
Facebook Message
@Chris DeRamus, VP of Technology Cloud Security Practice, provides expert commentary at @Information Security Buzz.
"Automation takes the headache out of making cloud infrastructure secure in a shared responsibility world...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/thousands-of-razer-customers-order-and-shipping-details-exposed-on-the-web-without-password