If you recently bought something from Razer, you'll want to keep an eye on your email inbox for suspicious links. According to security researcher Bob Diachenko, the company recently misconfigured one of its Elasticsearch servers, leaving the sensitive customer information stored on it accessible to the public since August 18th (via Ars Technica). He estimates the leak could affect as many as 100,000 customers, with the database containing data like full names, emails, phone numbers and shipping addresses. Razer claims passwords and credit card information weren't included in the leak.
It took Razer more than three weeks to properly respond to Diachenko, over which time the researcher says he tried contacting the company multiple times. Razer finally resolved the issue on September 9th.
"We would like to thank you, sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems," the company said. "We remain committed to ensure the digital safety and security of all our customers."
If a malicious group or individual accessed the information, they could use the included emails to carry out phishing attempts. Unfortunately, as an individual, it’s hard for you to know when a company you bought something from in the past may leak your information, but you can do a couple of things to protect yourself. If you have specific questions about this leak, you can contact Razer by emailing DPO@razer.com.