Razer Investigates Data Breach Claims and Resets User Sessions

Gaming gear company Razer has responded to recent rumors of a significant data breach with a brief statement on Twitter, informing users that they have initiated an investigation into the matter.

About Razer

Razer is a well-known American-Singaporean tech firm that specializes in gaming hardware. They offer high-quality peripherals, powerful laptops, and apparel to gaming enthusiasts.

In addition, Razer provides services that grant registered account holders access to extensive game collections, special in-game item offers, exclusive rewards, and more through their Razer Gold payment system.

Potential Data Breach

Reports of a potential data breach at Razer emerged on Saturday, when an individual posted on a hacker forum claiming to have stolen the source code, database, encryption keys, and backend access logins for Razer.com, the company’s main website.

Sale of data allegedly stolen from Razer
Sale of data allegedly stolen from Razer (Source: BleepingComputer)

The hacker offered to sell the stolen data for $100,000 worth of Monero (XMR) cryptocurrency and encouraged interested parties to contact them directly to finalize the transaction.

The individual did not impose any limitations or exclusivity, meaning that anyone willing to pay the requested amount would receive the entire data set.

Screenshots shared as proof of the breach displayed file lists and trees, email addresses, source code supposedly for anti-cheat and reward systems, API details, Razer Gold balances, and more.

Cybersecurity analysts at FalconFeedsio discovered the announcement on the hacker forum and made it public. Razer responded to the tweet, stating that they have initiated an investigation into the potential incident.

Razer's Tweet

BleepingComputer reached out to Razer for confirmation regarding the authenticity of the data samples posted on the hacker forum. However, as of the time of publishing, we have not received a response.

Nevertheless, we have independently verified that the leaked accounts are indeed valid and belong to legitimate users of the website.

Furthermore, BleepingComputer has discovered that Razer has taken measures to address the breach by resetting all member accounts, thereby invalidating active sessions and prompting users to reset their passwords.

Password reset prompt
Session expiration message (Source: BleepingComputer)

Prior Security Incident

In 2020, researcher Bob Diachenko discovered an unprotected Razer database containing sensitive information such as full names, email addresses, phone numbers, customer IDs, order details, and billing and shipping addresses of 100,000 customers.

This database was exposed between August 18, 2020, and September 9, 2020. However, it remains unclear whether anyone other than the researcher accessed or copied Razer’s data during that period.

What Measures are Being Taken to Protect the Pediatric Mental Health Patients’ Data After the Brightline Data Breach?

After the Brightline data breach, concerns arose regarding the safety of pediatric mental health patients’ data. To ensure their protection, stringent measures are being implemented. These include strengthening encryption protocols, conducting regular security audits, employing multi-factor authentication, and training staff on cybersecurity best practices. These efforts aim to safeguard sensitive information and prevent pediatric mental health patients at risk from falling victim to future data breaches.

Current Data Breach

Based on the leaked data samples this time, it appears that the information is more recent, dating back to at least December 2022. Therefore, it is highly likely that the two incidents are unrelated.

Leave a Reply

Your email address will not be published. Required fields are marked *