Razer in the target of hackers: new alleged data theft

In a recent incident of potential cybercrime, a member of a specialized forum claimed to have compromised Razer, a popular gaming products company. The user claims to have stolen a significant amount of company data, including website source code, encryption keys, databases, and more. Razer, however, has not yet confirmed the actual breach. It announced a few hours ago that it had launched an internal investigation, but has not provided any subsequent updates as of this writing. Interestingly, Razer has terminated all active user sessions and forced users to reset their passwords, a sign that may indicate an attempt to contain a possible data leak.

The hacker's request: $100,000 in Monero

The alleged hacker demanded a ransom of $100,000, to be paid in Monero (XMR) cryptocurrency. While the sum may seem relatively modest compared to other similar attacks, there is one thing that sets this case apart: unlike most ransom demands, the hacker can sell the stolen data set to multiple buyers. The BleepingComputer team has attempted to obtain further details from Razer, but has not received a response. They have, however, verified the existence of some accounts that the hacker showed for demonstration purposes, while not being able to confirm an actual theft of sensitive data.

Razer's dark past: a previous data leak

This isn't the first time Razer has faced potential security issues. In 2020, a security researcher had discovered an easily accessible, unencrypted database of the company, containing details such as IDs, real names and shipping addresses of more than 100,000 customers. Fortunately, no financial information or passwords were compromised. However, it was never established whether the exposed information had actually been exploited by malicious actors.

A short time frame for action

In the previous case, the window of time in which the data was vulnerable had been relatively short, less than a month, precisely from August 18th to September 9th. In that circumstance, the matter was resolved without it being clear whether the data had been exploited or not. However, the recent alleged attack highlights the importance of maintaining high security measures to prevent future such incidents. Razer will need to thoroughly investigate this new alleged attack and possibly review its security policies to better protect its users and data.