The Singapore-based, American gaming firm has replied to rumors that 404,000 emails, keys, logins, and other details were available for sale, but it hasn’t fully resolved the 2020 leak.
On July 8, a message purporting to offer data allegedly stolen from gaming hardware maker Razer surfaced on a hackers’ forum. The hacker claimed to have taken the database, encryption keys, source code, backend access logins, and other information.
According to reports, the hacker provided a sample of user email addresses while stating that the entire list had 404,000 entries. The price listed for the material was $100,000 in the privacy coin Monero (XRM), while smaller bids were taken into consideration.
On July 9, Razer acknowledged the potential breach and announced that they are looking into it. The legitimacy of the disclosed email accounts was allegedly verified by the website BleepingComputer. Razer reset all user accounts as a precaution and advised users to change their passwords.
As Razer continues to deal with the fallout from a data leak that happened in 2020, word of this most recent attack breaks. In a lawsuit against IT provider Capgemini, Razer was given a $6.5 million damage award in December. Capgemini, however, contested the ruling, and on July 10 a Singaporean court heard the appeal.
About 100,000 Razer users’ personal information was exposed in the 2020 data breach. It happened as a result of a compromised line of code that was allegedly changed between June and September 2020 by a Capgemini programmer. In September 2020, a security consultant found the breach.
A gaming gear manufacturer with operations in Singapore and the US, Razer was established in 2005. In 2017, the business offered virtual currencies for credits and awards, and in following years it added mining capabilities to its offerings. It is claimed that some of the information taken in the attack on July 8 relates to an earlier version of Razer’s system.