Razer, a prominent gaming hardware company, is once again facing allegations of a cyber attack. An individual using the alias ‘Nationalist’ on a dark web forum has come forward claiming to have obtained sensitive data as a result of the suspected Razer cyber attack. The individual reportedly has access to source code, databases, encryption keys, and back-end access logins associated with Razer.com and its products. To release this data, the seller is demanding a ransom of $100,000 in Monero (XMR).
Razer, which has headquarters in Singapore and the United States, wasted no time responding to the claims. In a tweet by Falcon Feeds SIO, the company stated that it had been made aware of a potential breach and is currently investigating the situation. Razer’s statement aligns with suspicions about a new cyber attack, however, further investigations are necessary to confirm the authenticity of the alleged breach.
This is not the first time Razer has faced a cybersecurity lapse. In August 2020, the company left the personal information of over 100,000 gamers exposed for nearly a month due to a server misconfiguration. Security researcher Volodymyr Diachenko discovered the misconfiguration, which made data such as email and mailing addresses, phone numbers, and details of products ordered from Razer’s digital store publicly available. Fortunately, credit card information was not included in this breach.
However, the exposed personal information could still be used in phishing campaigns. Cybercriminals often utilize such data to manipulate individuals into providing further sensitive information or financial details. This highlights the importance of robust data security measures to protect against such attacks.
Following the discovery of the server misconfiguration, Diachenko claimed that he had contacted Razer multiple times over three weeks before receiving a response. Razer eventually confirmed the misconfiguration and acknowledged the potential exposure of personal information, including full names, phone numbers, and shipping addresses. The company assured customers that no other sensitive data, such as payment methods, had been leaked, and the misconfiguration was promptly fixed.
The aftermath of the cyber attack led to legal ramifications for Razer. The company initiated legal proceedings against Capgemini, a French IT services company that Razer held responsible for the server misconfiguration. Ultimately, the High Court ruled in favor of Razer, awarding the company $6.5 million in damages. This not only covered loss of profits but also the costs incurred by Razer in investigating the incident and dealing with regulatory matters.
As for the current situation, the authenticity of the alleged cyber attack targeting Razer is yet to be confirmed. It remains unclear whether the data being offered for sale on the dark web is from the 2020 breach or if it represents a new and separate cyber attack. Cybersecurity outlets, including The Cyber Express, are actively seeking clarification from Razer for more details on the matter. At present, Razer has not provided a comprehensive response.
If the claims of another cyber attack against Razer are substantiated, it could significantly impact the company’s business operations and damage its reputation in terms of data security. As a leading player in the gaming hardware industry, any breach of customer data would raise significant concerns about Razer’s ability to protect sensitive information and maintain a robust data security infrastructure.
Disclaimer: The information in this report is based on internal and external research obtained through various sources. It is intended for reference purposes only, and readers are solely responsible for relying on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.