Server configuration is now fixed
Computer security researcher Vladimir Dyachenko discovered a security breach in the peripheral manufacturer Razer. A misconfigured Elasticsearch cluster with over 100,000 Razer customer records reportedly allowed full access to them indefinitely. Each entry contains an email address, postal address, and telephone number, making this leak potentially dangerous. What’s even more dangerous is that the Elasticsearch cluster was not only available on the Internet, but also found to be indexed by a search engine, which made it easier to find and discover data. Note that this is not the result of a hack, but an oversight of the administrators.
More than 100,000 Razer customers have personal information publicly available
Razer commented on the situation as follows:
“Vladimir informed us of a server misconfiguration that could potentially reveal order details, customer details, and shipping information. No other sensitive information, such as credit card numbers or passwords, has been disclosed.
The server misconfiguration was fixed on September 9th, before the bug was reported. “
In addition, the company apologized and assured that it took all the necessary steps to resolve the issue, and also conducted a thorough security check of the systems.