Razer Data Leak – Experts Reaction

by Security Experts | informationsecuritybuzz.com

Researcher Bob Diachenko reports that gaming hardware giant Razer Inc. recently experienced an incident exposing customer emails, phones, shipping and billing addresses and more online. Cybersecurity experts react below.

EXPERTS COMMENTS

| September 15, 2020

 Saryu Nayyar, CEO, Gurucul

A skilled social engineer can pull even small pieces into a picture they can use against their target.

“The breach of Razer’s database doesn’t appear to have revealed any vital user information and they remediated the issue fairly quickly, but even non-vital information can be of value to an attacker. Knowing what a user purchased, and when, can be all a clever attacker needs to formulate a convincing phishing or social engineering attack. While some data points are “more sensitive” than others, a skilled social engineer can pull even small pieces into a picture they can use against their target.”

 

| September 15, 2020

Chloé Messdaghi, VP of Strategy, Point3 Security

Every company should have a vulnerability disclosure and/or bug bounty program.

“It’s obvious that some three weeks passed between the time a hacker came across the misconfigured database that revealed user PII, and the time it got fixed. It’s likely that when the researcher contacted Razer with the info on the data leak, that red flag may have been passed around internally before landing in the lap of someone who knew who to give the red flag to. Three weeks is a long time for this kind of fix.

Every company should have a vulnerability disclosure and/or bug bounty program. It also needs to ensure that whenever anyone contacts any employee about a vuln or bug, whether through Twitter or an incoming email to a sales or marketing contact, every employee knows who to route this information to, so the vuln is fixed in a more timely way. A “go-to” for all software vulnerabilities is critical.

Hackers are regularly contacting companies via Twitter or support email address to advise them of vulnerabilities, and these people are doing a service for the company. Companies must provide known, go-to channels to quickly move these alerts, and they should also take steps to protect hackers who discover such vulns and bugs because hackers are trying to prevent attackers conducting any malicious acts.

Even better: companies can and should set up a specific email address that hackers can use to disclose a vulnerability, and respond with thanks to any member of the hacker community who’s actively trying to help them, because every leak enables their customers to be spear-phished.”

 
