Alleged Razer data breach: Hacker demands US$100K in crypto in exchange for stolen data

Razer, a leading gaming hardware company, posted on Twitter that it is currently investigating a potential data breach.

On Saturday (July 8), an individual with the username ‘Nationalist’ posted on a dark web forum, claiming to have obtained purportedly stolen data from Razer.

The seller claims to possess a range of the company’s sensitive information, including source code, encryption keys, database access logins, and backend access credentials. In support of these claims, the seller provided screenshots displaying a comprehensive file tree and folders from different directories, reportedly originating from Razer.com.

The seller requested a payment of US$100,000 in the Monero cryptocurrency (XMR) in exchange for the stolen data, but also expressed a willingness to entertain offers below this asking price.

In contrast to cryptocurrencies like Bitcoin or Ethereum, where transaction information is openly available on the blockchain, Monero transactions are intentionally designed to prioritise privacy and anonymity.

As such, this particular use of Monero could present difficulties in tracking the movement of funds and discerning the identities of the involved parties.

However, the veracity of the alleged Razer cyber attack remains unverified. It remains unclear whether the data being sold on the dark web originates from the 2020 Razer cyber attack, or if it represents a distinct and recent breach.

In September 2020, the company experienced a security incident due to a server misconfiguration by its IT vendor, Capgemini.

During that breach, personal and shipping information belonging to approximately 100,000 Razer customers was exposed to the public. Razer subsequently filed a lawsuit against Capgemini, alleging negligence, and was awarded US$6.5 million in damages by the High Court in December 2022.

Featured Image Credit: Razer