Razer investigates data breach allegations and resets user sessions

Gaming gear company Razer responded to recent rumors of a massive data breach with a short statement on Twitter, letting users know they’ve opened an investigation into the matter.

Razer is a popular Singaporean-American tech company that focuses on gaming hardware, selling high-quality peripherals, powerful laptops, and apparel.

The company also sells services that give registered account holders access to extensive game collections, special in-game item offers, exclusive rewards and more through its Razer Gold payment system.

Reports of a possible data breach within the company emerged on Saturday, when someone posted on a hacker forum that they had stolen source code, a database, encryption keys and credentials for backend access to Razer.com, the company's main website.

Sale of allegedly stolen Razer data (BleepingComputer)

The user offered to sell this data for $100,000 worth of Monero (XMR) cryptocurrency and urged anyone interested to contact him directly to close the deal.

The author of the post did not set any limitation or exclusivity, meaning that anyone willing to pay the requested amount would get the entire dataset.

Screenshots released as evidence of the breach show file listings and trees, email addresses, source code allegedly for anti-cheat and reward systems, API details, Razer Gold balances, and more.

FalconFeedsio cybersecurity analysts spotted the announcement on the hacker forum and shared it with the public. Responding to the tweet, Razer said it was reviewing the potential incident by launching an investigation.


BleepingComputer has contacted Razer to inquire about the validity of the sample data posted on the hacker forum, but we have not received a response at the time of publication.

However, we were able to confirm that the leaked accounts are valid and belong to legitimate users on the website.

Additionally, BleepingComputer discovered that Razer had reset all members’ accounts, invalidating their active sessions and requiring them to reset their passwords.

Password reset prompt
Session timeout message (BleepingComputer)

Researcher Bob Diachenko discovered in 2020 an unprotected Razer database containing full names, email addresses, phone numbers, customer IDs, order details, and billing and shipping addresses of 100,000 customers.

The database was exposed between August 18, 2020 and September 9, 2020, but it's unclear if anyone other than the researcher ever accessed or copied Razer's data.

Based on the sample data leaked this time, it appears the information is more recent, dating to at least December 2022, so the two incidents are likely unrelated.

