Razer company is engaged in development and creation of professional game equipment. It manufactures mouses, mouse pads, keyboards, headphones, game systems and game servers.
Researcher in the field of computer security Vladimir Dyachenko recently found a security breach in the system of peripheral device manufacturer Razer. The misconfigured Elasticsearch cluster, which contains more than 100,000 records of Razer clients, reportedly provided full access to them for an indefinite period of time. Each record contains an email address, mailing address and phone number, making this leak potentially dangerous.
What is even more dangerous is that the Elasticsearch cluster was not only available on the Internet, but was also indexed by a search engine, making it easier to find and locate data. Note that this is not the result of a hack, but an oversight by the administrators.
This is how Razer commented the situation:
“Vladimir told us about the wrong server configuration, which could potentially reveal order details, client and delivery information. No other sensitive data such as credit card numbers or passwords were disclosed. The wrong server configuration was corrected before the error was made public”.
In addition, the company apologized and assured that it had taken all necessary steps to solve the problem, as well as conducted a thorough security check on the systems.