Global gaming retailer, manufacturer and payments ecosystem Razer has inadvertently exposed personal information about some 100,000 of its customers online due to a misconfigured server.
The data was stored on an Elasticsearch cluster that was set to allow public access, potentially exposing the customers to targeted phishing attacks by individuals posing as the company. Sensitive personal data such as credit card numbers and passwords were not revealed.
According to a comment posted by the firm, the server misconfiguration was fixed on September 9 prior to the lapse being made public. The information had been exposed for three weeks as Razer’s non-technical staff processed a report alerting the firm to the problem.
The breach was uncovered by cybersecurity consultant Volodymyr Diachenko, who has since offered to conduct a live educational session to raise cybersecurity awareness within the firm. It is unclear whether or not Razer has accepted the offer.