Archive for the ‘infosec’ Category

100,000 Razer users’ data leaked due to misconfigured Elasticsearch

September 14th, 2020
This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop.

Enlarge / This redacted sample record from the leaked Elasticsearch data shows someone's June 24 purchase of a $2,600 gaming laptop. (credit: Volodymyr Dianchenko)

In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers' PII (Personal Identifiable Information).

The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you'd expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticseach cluster was not only exposed to the public, it was indexed by public search engines.

Diachenko reported the misconfigured cluster—which contained roughly 100,000 users' data—to Razer immediately, but the report bounced from support rep to support rep for over three weeks before being fixed.

Read 12 remaining paragraphs | Comments

Posted in Biz & IT, data breach, Data leak, identity theft, infosec, Razer | Comments (0)

7 Courses That Will Help You Start a Lucrative Career in Information Security

November 17th, 2019
As the world becomes more interconnected by the day, more and more companies of all sizes and industries are finding themselves under attack by fearless cybercriminals who can access their entire server farms from across the globe with only a few lines of code. And it's not just private corporations that are suffering. A wide range of government agencies are also constantly under attack, and

Posted in cyber security awareness training, cyber security training courses, hacking certification, Information Security, information security jobs, infosec, it security certification, learn ethical hacking | Comments (0)