SINGAPORE: Gaming hardware company Razer said on Monday (Jul 10) that it is investigating a potential hack that affected its digital wallet Razer Gold, which customers use to purchase games and in-game content.
This comes about three years after Razer suffered a cybersecurity breach that led to the personal information, including order details and shipping information, of about 100,000 customers being leaked.
Razer was awarded US$6.5 million in damages for loss of profit last year after it sued its IT vendor Capgemini, which has lodged an appeal against the decision. The appeal was heard in a Singapore court on Monday.
In response to CNA’s queries, a Razer spokesperson said the company was alerted to the potential hack on Sunday.
While the spokesperson did not elaborate on how many accounts or users could have been impacted, he said that its team “immediately conducted a thorough review of all Razer’s websites” upon learning of the breach and “have taken all necessary steps to secure our platforms”.
“Razer is still in the midst of investigations, and we remain committed to ensuring the digital safety and security of all our customers,” the spokesperson added.
“Once investigations have concluded, Razer anticipates that we will report this matter to the relevant authorities.”
According to a Twitter post by threat intelligence platform FalconFeeds.io, a seller had advertised the sale of source codes, encryption keys, database and backend access logins for Razer and its products in a hackers’ forum on Saturday.
The seller, who went by the username “Nationalist”, said he was looking for S$100,000 in Monero – a cryptocurrency that claims to be untraceable and decentralised – for the entire set of allegedly stolen data, including access to it.
The seller also said he was open to lower offers.
Monero’s privacy features have made it popular among criminals. American magazine Wired reported in 2017 that it became the cryptocurrency of choice on darknet markets, which function primarily as black markets on the dark web.
This has led some exchanges around the world, including South Korea and Australia, to delist Monero and other privacy coins.
Razer, co-founded by Singaporean Tan Min-Liang, has headquarters in both Singapore and California.
The 2020 data leak made headlines when a security researcher, Bob Diachenko, publicised it in a LinkedIn post.
On Monday, lawyers for Capgemini argued that Razer did not act on Mr Diachenko’s repeated warnings to Razer for three weeks.
Capgemini is seeking nominal damages but has accepted liability after its former employee admitted that he caused a cybersecurity breach that led to the leak.