Skip to main content

Razer apologises for exposing 100,000 customers' personal data

Server misconfiguration has been fixed, peripherals firm assures no credit card numbers or passwords were exposed

Gaming hardware firm Razer has rectified an error that publicly exposed around 100,000 people's personal information.

The issue was identified by security research Volodymyr Diachenko, who found a Razer-owned Elasticsearch cluster has been misconfigured so that it was both open to public viewing and public search engines could find the data it contained, Ars Technica reports.

Elasticsearch is a tech platform that allows companies to search through their data more effeciently. The Razer cluster contained records of around 100,000 customer's orders.

Potentially available to the public were listings for items purchased, customer email addresses and physical shipping addresses, phone numbers and more.

Diachenko informed Razer, although it reportedly took over three weeks for the issue to be fixed as he was passed back and forth between the company's support representatives.

Razer issued a statement to confirm the issue has been resolved.

"We were made aware by Mr. Volodymyr of a server misconfiguration that potentially exposed order details, customer and shipping information," the company said. "No other sensitive data such as credit card numbers or passwords was exposed.

"The server misconfiguration has been fixed on September 9, prior to the lapse being made public.

"We would like to thank you, sincerely apologise for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensure the digital safety and security of all our customers."

Read this next

James Batchelor avatar
James Batchelor: James is Editor-in-Chief at GamesIndustry.biz, and has been a B2B journalist since 2006. He is author of The Best Non-Violent Video Games
Related topics