[Editor’s Note: The article has been updated to reflect Razer’s latest statement.]
Razer, a leading gaming hardware company, posted on Twitter that it is currently investigating a potential data breach.
On Saturday (July 8), an individual with the username ‘Nationalist’ posted on a dark web forum, claiming to have obtained purportedly stolen data from Razer.
The seller claims to possess a range of the company’s sensitive information, including source code, encryption keys, database access logins, and backend access credentials. In support of these claims, the seller provided screenshots displaying a comprehensive file tree and folders from different directories, reportedly originating from Razer.com.
The seller requested a payment of US$100,000 in the Monero cryptocurrency (XMR) in exchange for the stolen data, but also expressed a willingness to entertain offers below this asking price.
In contrast to cryptocurrencies like Bitcoin or Ethereum, where transaction information is openly available on the blockchain, Monero transactions are intentionally designed to prioritise privacy and anonymity.
As such, this particular use of Monero could present difficulties in tracking the movement of funds and discerning the identities of the involved parties.
In a separate media statement released on July 11, Razer revealed that they were first alerted to the potential hack impacting Razer Gold on Sunday (July 9).
“Upon learning about the breach, the team immediately conducted a thorough review of all Razer’s websites and have taken the necessary steps to secure our platforms. Razer is still in the midst of investigations, and we remain committed to ensuring the digital safety and security of all customers,” said Razer.
It added that once investigations have concluded, it will report this matter to the relevant authorities.
That said, the veracity of the alleged Razer cyber attack remains unverified. It remains unclear whether the data being sold on the dark web originates from the 2020 Razer cyber attack, or if it represents a distinct and recent breach.
In September 2020, the company experienced a security incident due to a server misconfiguration by its IT vendor, Capgemini.
During that breach, personal and shipping information belonging to approximately 100,000 Razer customers was exposed to the public. Razer subsequently filed a lawsuit against Capgemini, alleging negligence, and was awarded US$6.5 million in damages by the High Court in December 2022.
Featured Image Credit: Razer