If you recently bought something from Razer, you’ll want to keep an eye on your email inbox for suspicious links. According to security researcher Bob Diachenko, the company recently misconfigured one of its Elasticsearch servers, leaving the sensitive customer information stored on it accessible to the public since August 18th (via Ars Technica). He estimates the leak could affect as many as 100,000 customers. Razer claims passwords and credit card information weren’t included in the leak.
Exposed data reportedly included full names, e-mail addresses, phone numbers, order numbers and customer ID numbers as well as shipping and billing addresses. Diachenko said it was part of a large log chunk stored on an Elasticsearch cluster that had been misconfigured since August 18. Worse yet, it was being indexed by public search engines.
Razer in a statement to Diachenko noted that the misconfigured server was fixed on September 9, adding that sensitive data such as passwords or payment card numbers were not exposed.
The Verge said Razer confirmed the issue via e-mail, adding that anyone with concerns could reach out to customer support for more information.