According to a report published by cyber security consultant Volodymyr Diachenko on LinkedIn (via The Verge), the personal data from an estimated 100,000 accounts has been exposed since August 18. Diachenko says he immediately notified Razer of the breach, but non-technical support staff handled the issue for a further three weeks until appropriate staff resolved the problem on September 9.
Razer confirmed Diachenko's report to PC Gamer with the following statement:
"We were made aware by a security researcher of a server misconfiguration that potentially exposed order details, customer, and shipping information. No sensitive data such as credit card numbers or passwords was exposed. The server misconfiguration was fixed on the 9th September, prior to the lapse being made public.
We sincerely apologize for the lapse and have taken all necessary steps to fix the issue as well as conduct a thorough review of our IT security and systems. We remain committed to ensuring the digital safety and security of all our customers.
Customers who have questions about this can reach out to DPO@razer.com."
While the leak includes no sensitive data, Diachenko reckons it could still be used in future phishing attempts, and recommends to be on the lookout for emails by scammers posing as Razer or a related company.