Razer Data Breach Unconfirmed, But Hacker Forum Claims Theft of Source Code

Jul 14, 2023

An investigation remains ongoing into an alleged data breach at Razer that may have involved highly sensitive internal assets. The claim stems from a hacker forum post, which has offered up some verifiable evidence, but not of a type or in an amount that makes it clear new information has actually been stolen.

If the data breach turns out to be legitimate, Razer will have lost a potentially crippling amount of information: source code, internal login credentials, encryption keys and confidential business documents. The hacker is seeking a $100,000 payment (or best offer) in Monero to release the information, but unsurprisingly there do not seem to be any takers as of yet as security experts are generally finding their provided data sample to be unconvincing.

Hacker forum post follows 2020 Razer incident

Aside from not providing “slam dunk” evidence of a data breach, the hacker forum post is questionable as the best verifiable information it contains is the names of some user accounts along with their “Razer Gold” e-currency balances. This information could have been obtained from any number of sources, however. One of those is a prior 2020 breach of Razer.

The company was not hacked during that incident, but instead saw one of its IT vendors (Capgemini) misconfigure a server and temporarily expose some private information to web-crawling bots, including search engines. That incident exposed the account numbers of about 100,000 Razer customers, along with their order history. Hence the suspicion about the current hacker forum claims.

Still, any claim of a data breach involving source code and extensive company credentials is one that should be taken seriously by all impacted parties. Razer has already asked customers to reset their current passwords as a precaution, and any overdue changing of shared passwords would also be a good idea. Social media is not yet ablaze with reports of the “Razer Gold” or “Razer Silver” currencies being appropriated or of account takeovers, however, with things presently seeming to be business as usual at places like the Razer discussion forum on Reddit.

Razer Gold is technically threatened if the hacker forum poster is for real, but it’s not the sort of thing that would be a priority target for international criminals. It’s used for purchases from Razer and certain third-party partners, mostly entertainment and gaming companies. The “Razer Silver” loyalty program reward points are similarly limited in function, mostly useful to a criminal looking to go on a binge of buying Steam games or movie downloads.

Criminals might extract some value from selling accounts loaded with these loyalty points, but the main threat from the hacker forum (and the justification for the large ransom demand) is the back-of-house access it supposedly provides. The fact that the seller is restricting things to a single buyer adds to the suspicion, however; they may be using old information in the hopes that they can convince just one dupe to pay up.

Is the Razer data breach legitimate?

Word from Razer’s internal investigation is still forthcoming, but for now there does not look to be any reason to do anything but take sensible basic precautions (such as password changes). Razer is not being threatened by a known organized criminal hacking group; credit is instead being taken by what appears to be a lone Russian-speaking hacker calling themselves “Nationalist”.

The breach was reportedly first detected on July 9, and public notice first came from Razer on July 11. Razer’s communications have implied that law enforcement has not yet been involved, but would be if the internal investigation points in that direction.
