Alleged Data Breach of Razer Posted to Hacker Forum; Source Code, Encryption Keys and Employee Credentials Offered for Sale

A member of a hacker forum claims that they have stolen Razer’s “keys to the kingdom” in the form of source code, encryption keys and employee credentials. The data breach potentially impacts the Razer Gold system, a form of indirect e-currency that allows for digital purchases within certain games and on platforms such as the Nintendo eShop.

Razer says that it is investigating the incident, but has yet to confirm the data breach. The hacker forum post provided evidence in the form of screenshots of an extensive filetree and folders from various directories, and the attacker is looking for a $100,000 Monero payout from a single buyer.

Razer data breach could be devastating

The Russian-speaking attacker calls themselves “Nationalist” and posted to a popular hacker forum called “Breach Forums.” The post claims that Razer source code, encryption keys, databases and backend access logins were taken in the data breach. The attacker’s starting price is $100,000 in Monero for a one-time sale, but they indicated that they were willing to consider offers in the absence of immediate takers.

Razer issued a public announcement on July 11 indicating that they were first alerted to a potential data breach two days earlier, and that the attack could impact Razer Gold if it is legitimate. However, the company says that it is “still investigating” the claims posted on the hacker forum and will involve relevant authorities if necessary.

There is a possibility that this is a threat actor trying to double-dip on a prior Razer data breach. In 2020, a third-party IT vendor called Capgemini experienced a server misconfiguration that led to some private information being publicly indexed by Google and other search engines. This incident did not involve nearly the amount of data that the hacker forum post claims to have, however; it involved about 100,000 Razer customers and exposed records of their orders that included contact information, internal ID numbers and order details. That breach did not contain highly sensitive personal or financial information, but Razer ended up successfully suing Capgemini for $6.5 million. Capgemini is currently appealing that total in court.

The incident remains in question as what the attacker has posted on the hacker forum does not clearly support a new data breach, or at least not one that is as extensive as they claim. But if it is found to be legitimate, Phillip Ivancic (APAC Head of Solutions Strategy at Synopsys Software Integrity Group) notes that it could be devastating to the company: “The fact that early reports indicate that Razer’s attacker obtained their source code highlights a hugely important but often overlooked area of concern: the need for companies to pay special attention to their software development environments where source code is maintained.”

“To effectively protect a CI/CD pipeline companies need to have an effective strategy and framework focused on CI/CD pipelines and security controls. Furthermore, companies should engage in sophisticated attack simulations (often referred to as a Red Team exercise) to ensure the security controls on their software development pipelines are effective against a cunning adversary,” advised Ivancic.

Hacker forum claims require further investigation to certify

Some independent security researchers have looked at the screenshots posted to the hacker forum, and thus far the strongest case for legitimacy of the data breach is that some account names paired with Razer Gold balances appear to be legitimate upon follow-up. However, the balance status does not appear to have been verified, meaning it is possible this information could have been obtained from any number of other sources.

Razer Gold holders will likely want to know what to do as a precaution in the event that the data breach turns out to be as bad as advertised. Razer has already prompted all account holders to reset their passwords as a precaution (though there is not yet an indication that user logins were taken). Razer Gold is exclusively used for select games and entertainment apps that support it, somewhat limiting the utility of it to a thief. However, the “Razer Gold” currency used for game and media purchases can be sold for up to $1 per unit, and the “Razer Silver” loyalty points that can be exchanged for in-game item purchases have an estimated value of about 50 cents per unit (though there are stronger restrictions on how these can be transferred and used).

While Razer Gold and Silver are not the usual currencies you see offered up for sale on hacker forums, there is a definite trend toward using Monero as a means of payment for extortion. The coin has been on a major upswing since at least 2021 due to its extreme privacy focus, hiding things like transaction amounts and wallet addresses that Bitcoin and similar competitors make public. “Privacy tokens” of this sort have been under general attack on the more mainstream crypto exchanges, with Binance delisting Monero and several similar alternatives in several European countries in May. This all comes as some world governments are adopting an increasingly hard line on crypto in general, with the US SEC filing lawsuits in early June against Binance and Coinbase attempting to label them as illegal traders of securities.

Tom Lysemose Hansen, CTO and co-founder of Promon, notes that gaming platforms have long been a primary target of criminal hackers and should be treated as high risk: “Cybersecurity is no game. You’d have thought that Razer would’ve learnt from its previous blunder in 2020, but this seems to not be the case. Gaming-related cybercrime is detrimental to business as the inability to provide a safe and secure experience for customers will erode consumer trust in Razer. Whilst the dust is yet to settle on this one, I think it’s highly unlikely that many people will be signing up for zVault anytime soon.”