Razer Gaming Hardware Company Allegedly Suffers A Data Breach

Posted on July 11, 2023 at 7:03 AM

Razer Gaming Hardware Company Allegedly Suffers A Data Breach

Razer, a gaming hardware company, has been allegedly targeted by a data breach. The alleged breach became known to the public after a hacker on a hacker’s forum posted stolen data that they intended to sell for $100,000 worth of cryptocurrency.

Razer targeted by a possible breach

According to the company, it was aware of a potential breach, and it was currently conducting investigations to uncover the extent of damage and if indeed, data was stolen as alleged by the hacker.

Reports have said that the data posted on the hacker’s forum comprises the source code and the back-end access logins for the Razer website and the products that are offered by the company. The details of the data were contained in a folder that was labeled zVault. 

The name of the folder refers to a digital wallet that was launched by the gaming company in March 2017. The launch of the wallet was later followed by the release of Razer Gold in December 2018. The hacker has said that the folder also contains the encryption keys and the files related to the company’s reward system.

A sample of the allegedly stolen data detected alleged email addresses belonging to customers that have virtual credit on their Razer Gold accounts. The hacker claims to have access to 404,000 accounts. However, the information that the hacker alleges to hold cannot be verified.

The seller has said that he will sell the entire database to a single customer, with the purchase price being set at $100,000 worth of the Monero cryptocurrency. However, he also said that he was open to negotiations for a lower price.

The Monero cryptocurrency is popular with cybercriminal groups because it runs on a private blockchain. Unlike public blockchains like Bitcoin and Ethereum, where transaction data is public, the Monero blockchain hides this data, making it ideal for hackers or other criminals who want to hide their transactions.

The extent of this possible breach is yet to be determined. Moreover, the company has yet to clarify whether the personal information of customers was accessed during the breach or whether it was linked to a past breach that the company suffered in 2020. With the ongoing investigations, more details will follow.

Razer suffered a previous breach in 2020

The breach that targeted Razer in 2020 resulted in the compromise of around 100,000 Razer customers globally. The personal and shipping data belonging to these customers was leaked because of a misconfiguration in the server.

The Razer gaming company filed a lawsuit against the Capgemini IT vendor following this security breach after a former employee at the company installed a command to a line of code, which later disabled the security settings of the computer system.

The data that was stored within the company systems was leaked to the public. The data leak happened between June 18, 2020, and September 10, 2022. The High Court also awarded Razer $6.5 million worth of damages on December 9, 2022.

The lawyers representing the Capgemini IT company filed an appeal after the ruling, saying that they should only pay for nominal damages suffered by Razer and not the entire amount. The IT vendor said that Razer had neglected an advisory by a cybersecurity researcher that had alerted the company about this breach five times.

The cybersecurity research alerted Razer about this breach on August 19, 2020. The researcher published a post on the LinkedIn networking site in September 2020 saying that if a breach happened, it would affect around 100,000 customers at the company.

A day after the LinkedIn post was published, Razer issued a statement saying that the credit card numbers and passwords belonging to the company were safe. The leak of this stolen data later raised issues between Razer and Capgemini following a misconfiguration of a server file, resulting in a leak of the stolen data.

Capgemini had recommended that Razer installs and uses the ELK Stack IT solution that comprises Elasticsearch, Logstash, and Kibana. These solutions would have allowed Razer to maintain the security of its systems and protect itself against any possible breach that might be launched by hackers.

In mid-2020, an employee from Capgemini was in charge of troubleshooting, as the employees from Razer could not access the Kibana system. Razer said that the employee in question disabled the security settings of Kibana, which resulted in a security issue.

Summary
Razer Gaming Hardware Company Allegedly Suffers A Data Breach
Article Name
Razer Gaming Hardware Company Allegedly Suffers A Data Breach
Description
A hacker has allegedly breached the Razer gaming firm. The hacker has posted data allegedly belonging to the company for $100,000. The company said it was aware of a potential breach and was conducting investigations.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading