In the last hours we have learned that Razer, the hardware manufacturer specialized in the world of gaming, has suffered a Data Breach, because of which the personal data of around 100,000 customers of the Singapore company have been exposed. A problem, seen in a general way, can have any company, but it is advisable to analyze a little, just a little more in depth, to see what we can learn from it, and at what points we talk about a management that can be frankly improved.
What happened in the Data Breach
The problem begins on August 18, when cybersecurity expert Bob Diachenko detects a misconfiguration on one of his Elasticsearch servers, a very popular and widely used data management and analysis engine. And because of that configuration flaw, and according to Diachenko’s estimates, the data of around 100,000 company customers were exposed. We are talking about a database that contains full names, emails, telephone numbers and postal addresses.
Upon detecting the incident, the researcher contacted Razer, and this is where we find what is truly objectionable about his behavior, since despite the fact that Diachenko exchanged messages with several people from the company, it took longer three weeks to resolve the security issue. Three weeks during which customer data was exposed without Razer doing anything to prevent it.
The problem was finally resolved by Razer on September 9, after several contacts between the researcher and the company. At that time the company issued a statement in which it reported the incident and apologized to its customers. He also claimed that their payment details had not been compromised and completed his message with some recommendations and a contact email address for customers who may have been affected by the leak.
And, although the payment data has not been compromised, we cannot say the same about the privacy of customers, whose data has been exposed for more than three weeks, despite the fact that Razer had knowledge of it. I don’t know, but I have the feeling that there are still many companies that do not take the problem of data leaks as seriously as they should, being the case to make people aware of how exposed your information can be via the internet and why you have to take EVERY POSSIBLE MEASURE !!
