Gaming hardware behemoth Razer remains under the cybersecurity spotlight again, with a new Razer cyber attack looming large.
An unknown individual under the alias ‘Nationalist’ on a dark web forum claims to have obtained crucial data as a result of the Razer cyber attack.
This data reportedly includes source code, database, encryption keys, and back-end access logins linked to Razer.com and its products. The seller is demanding $134,800 in cryptocurrency for the entire dataset.
The Cyber Express reached out to Razer and have received the following response from the spokesperson.
We were alerted to a potential hack on July 9, 2023 impacting Razer Gold. Upon learning about the breach, the team immediately conducted a thorough review of all Razer’s websites and have taken all necessary steps to secure our platforms. Razer is still in the midst of investigations, and we remain committed to ensuring the digital safety and security of all our customers. Once investigations have concluded, Razer anticipates that we will report this matter to the relevant authorities.
Customers who have questions can reach out to [email protected].
This statement corroborates suspicions about a new Razer cyber attack, though further investigations are necessary.
A Familiar Terrain? Razer’s History with Data Breach
This isn’t Razer’s first encounter with a cyber-security lapse.
In August 2020, gaming hardware titan Razer left the personal information of over 100,000 gamers exposed for nearly a month, a report reveals. The information was made publicly available due to a server misconfiguration, discovered by security researcher Volodymyr Diachenko.
Data, including email and mailing addresses, phone numbers, and the details of products ordered from Razer’s digital store, were left unprotected. Fortunately, no credit card information was included in this breach of the Razer cyber attack.
Despite the absence of credit card data, the exposed personal information could be used in phishing campaigns. Cybercriminals often use such data to craft convincing emails, texts, or even phone calls, tricking individuals into providing further sensitive data, such as passwords for online accounts or credit card details.
This highlights the severity of the Razer cyber attack, emphasizing the necessity for thorough data security measures.
Following the discovery of the server misconfiguration, Diachenko claimed he contacted Razer multiple times over a three-week period before receiving a response.
Razer confirmed the misconfiguration in a statement and acknowledged the potential exposure of personal information, including full names, phone numbers, and shipping addresses.
The company reassured that no other sensitive data, such as payment methods, were leaked, and the misconfiguration was fixed on September 9, 2020.
Razer’s Legal Battle with Capgemini Following the Cyber Attack
The fallout of the Razer cyber attack had legal implications. Following the breach, Razer launched a legal battle against Capgemini, a French multinational IT services company. Razer held Capgemini responsible for the server misconfiguration that led to the data leak.
The legal battle ended favorably for Razer, with the High Court awarding the company $6.5 million in damages. This included the recovery of loss of profits from Razer’s e-commerce platform and the costs Razer incurred in investigating the incident and dealing with regulators.
The Shadow of a New Razer Cyber Attack
It’s unclear whether the data being peddled on the dark web is from the 2020 Razer cyber attack or if it’s indeed a new, separate breach, considering that potential impact has been Razer Gold, according to the Press Statement.
As an industry leader in gaming hardware, a new data breach would raise serious questions about Razer’s data security infrastructure and customer data protection measures.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.