A hacker is demanding $100,000 in cryptocurrency for source code and back-end login details stolen from American-Singaporean gaming tech company Razer, reports The Straits Times.
The stolen data, which included folders labeled ‘zVault’ (Razer’s digital wallet that was replaced by Razer Gold in December 2018) and encryption keys relating to its rewards system, was offered for sale on a hacker forum on Saturday.
The attacker, who claims to have accessed more than 400,000 Razer Gold accounts, has specified that any transaction must be carried out using privacy-focused crypto Monero.
Razer says that it’s aware of the potential breach and that it’s carrying out an investigation. It hasn’t yet confirmed whether or not customers’ credit card details were also breached.
Razer’s second large breach in three years
In 2020, Razer suffered a similar security issue that saw personal information relating to more than 100,000 of its customers exposed due to a server ‘misconfiguration’ that occurred when an employee at IT firm Capgemini accidentally disabled a number of security settings.
According to a cybersecurity expert, the exposed data included names, email addresses, phone numbers, order details, and billing and shipping addresses.
The expert added that the information could have been used in targeted phishing attacks and urged customers to keep an eye out for potential email or telephone scams.
Razer said it identified and solved the issues in a matter of days but still sued Capgemini for $6.5 million in damages.