Illustration: computer data. Credit: S. Salom-Gomis / Sipa
Razer, maker of video game hardware, left a database of personal data accessible without protection for several weeks.
One hundred thousand customers of its website are affected, reports Numerama.
First name, last name, email, phone number, order numbers, as well as customer billing and payment addresses were available online.
The flaw was spotted by Bob Diachenko, a cybersecurity researcher, who notified the company on August 18.
A loophole closed late
But Razer took a long time to fix the loophole.
It was not until September 9 that the problem was resolved.
"No sensitive data such as credit card numbers or passwords has been exposed," said the company in a statement.
Indeed, there is nothing to indicate that someone has taken data from this database.
However, it is estimated that it takes less than 9 hours to download the contents of an unprotected database.
In eleven days, therefore, at least 150 people could have accessed the data.
The flaw is the consequence of a misconfiguration of a server running Elasticsearch, a very effective tool that nonetheless requires a lot of attention to secure.
Problems with Elasticsearch are common.
They have already affected Microsoft, the Civic Service platform and even BDSM forums.