A recent SCUF Gaming ransomware attack exposed over one million customer records. The database contained the names, contact and payment information of individuals who had purchased from the gamepad company. This was in addition to other potentially identifying data.
SCUF Gaming International, founded in 2010, is owned by Corsair Components, an American computer hardware company. Corsair specializes in computer accessories, such as flash drives, headsets, keyboards, and wireless drives. In contrast, SCUF Gaming focuses on consoles by providing third-party controllers to Xbox and PlayStation owners. Customers can customize controllers to suit their preferences, before purchasing from the SCUF Gaming website.
Recently, Comparitech security researcher Bob Diachenko notified SCUF Gaming that its customer databases had been compromised for more than a day, endangering people’s information. The researchers also found a ransom notice advising of the breach and requesting payment in Bitcoin. Once notified, SCUF Gaming quickly investigated the issue and secured the databases, but was unable to confirm the source of the data. However, a Corsair spokesperson told Comparitech that the data was intact and that the database wasn’t exposed long enough for the malicious bot to download any information. On April 10, SCUF alerted its customers of the breach, promising that while the breach had occurred, no critical information had been stolen.
While SCUF Gaming and Corsair reported that no information had been stolen, it’s unknown if the hackers had accessed the data or recorded it by an alternative method. With the records, an outside party could bolster their phishing attempts by posing as SCUF Gaming. It’s admirable that SCUF notified the public about the breach, but they should also take this opportunity to reinforce their online security protocols. While the affected database didn’t hold things like credit card information and user logins, the data it did hold included information such as people’s shipping and billing addresses, which could still be used for malicious purposes.
Online stores like SCUF Gaming and Amazon hold people’s data for customer convenience and advertising purposes, among other reasons. Its common for these stores to obscure everything, but the last few digits of a credit card number. Technically, the same could be done for people’s addresses. While access to someone's address isn’t as immediately dangerous as obtaining a credit card number, obscuring them would still add an extra layer of protection, and could go a long way towards keeping customers safe from any future data breaches.
Source: Comparitech
from ScreenRant - Feed https://ift.tt/3acEOPD
No comments: