Data from 100,000 Razer customers exposed online

Computer data.

Drawing.

-

Razer, maker of video game hardware, left a database of personal data accessible without protection for several weeks.

One hundred thousand customers of its website are affected, reports

.

First name, last name, email, phone number, order numbers, as well as customer billing and payment addresses were available online.

The flaw was spotted by Bob Diachenko, a cybersecurity researcher, who notified the company on August 18.

A loophole closed late

But Razer took a long time to fix the loophole.

It was not until September 9 that the problem was resolved.

"No sensitive data such as credit card numbers or passwords has been exposed," said the company in a statement.

Indeed, there is nothing to indicate that someone has taken data from this database.

However, it is estimated that it takes less than 9 hours to download the contents of an unprotected database.

In eleven days, therefore, at least 150 people could have accessed the data.

The flaw is the consequence of a misconfiguration of a server running with ElasticSearch, a very effective tool, but which requires a lot of attention to secure it.

Problems with Elasticsearch are common.

They have already touched Microsoft, the Civic Service platform or even BDSM forums.

High-Tech

Video games: A chewing gum designed to improve the performance of gamers

High-Tech

Internet: US business crash affects many websites and online platforms around the world

• High-Tech

• Site

• Cybersecurity

• Video games

• Personal data