Jump to content
  • Razer investigates data breach claims, resets user sessions


    Karlston

    • 614 views
    • 3 minutes
     Share


    • 614 views
    • 3 minutes

    Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter.

     

    Razer is a popular American-Singaporean tech firm focusing on gaming hardware, selling high-quality peripherals, powerful laptops, and apparel.

     

    The company also sells services that give registered account holders access to extensive game collections, special in-game item offers, exclusive rewards, and more through its Razer Gold payment system.

     

    Information about a potential data breach at the company emerged on Saturday, when someone posted on a hacker forum that they had stolen the source code, database, encryption keys, and backend access logins for Razer.com, the company's main website.

     

    breached.png

    Sale of data allegedly stolen from Razer (BleepingComputer)

     

    The user offered to sell that data for $100,000 worth of Monero (XMR) cryptocurrency and urged interested individuals to contact him directly to close the deal.

     

    The publisher of the post has not set any limitations or exclusivity, meaning anyone willing to pay the requested amount would get the entire data set.

     

    The screenshots posted as proof of the breach show file lists and trees, email addresses, source code allegedly for anti-cheat and reward systems, API details, Razer Gold balances, and more.

     

    Cybersecurity analysts at FalconFeedsio spotted the announcement on the hacker forum and shared with the public. Replying to the tweet, Razer said that it was looking into the potential incident by starting an investigation.

     

    BleepingComputer has contacted Razer to ask about the validity of the data samples the posted on the hacker forum but we have not received a response at publishing time.

     

    However, we have been able to confirm that the leaked accounts are valid and belong to legitimate users on the website.

     

    Also, BleepingComputer has found that Razer has reset all member accounts, invalidating their active sessions and requesting them to reset their passwords.

     

    password-reset.png

    Session expiration message (BleepingComputer)

     

    Researcher Bob Diachenko discovered in 2020 an unprotected Razer database containing full names, email addresses, phone numbers, customer IDs, order details, and billing and shipping addresses of 100,000 customers.

     

    The database was exposed between August 18, 2020 and September 9, 2020, but it is unclear if anyone apart from the researcher ever accessed or copied Razer’s data.

     

    From the data samples leaked this time it appears that the information is more recent, dating to at least December 2022, so the two incidents are most likely unrelated..

     

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...