In August, security researcher Volodymyr Diachenko discovered a data leak by gaming giant Razer.
The product of a misconfigured server, the data leak was estimated to affect around 100,000 users, based on the number of e-mail addresses exposed.
Their user data was exposed to the public and indexed by public search engines.
The leak exposed records of customer orders, including information such as their full names, internal IDs, e-mails, billing and shipping addresses, phone numbers, order numbers and order details.
Razer fixed the data leak on 9 September, and no sensitive data, such as credit card numbers or passwords, were exposed, the firm confirmed on Friday (11 September) last week.
In an official statement, Razer apologized for the lapse. “We…have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. “
Volodymyr had reported the leak to Razer but he said that his message was processed for more than three weeks until the data was secured from public access.
Diachenko stated that the leaked customer records can be used to launch targeted phishing attacks, and could put customers at risk of fraud.
A spokesperson for Singapore’s Personal Data Protection Commission stated on Tuesday that the data breach is being investigated.
Razer is currently shortlisted for a digital bank license in Singapore, which will enable users to conduct transactions seamlessly on Razer Pay and other financial applications. The data breach may jeopardise its standing.
Last Thursday, Grab was fined S$10,000 for failing to secure its drivers’ and passengers’ personal details on its mobile app, the fourth time in two years the superapp has breached data protection laws.
Featured Image Credit: The South African / CNBC
