On July 8, DataBreaches broke the news that what appeared to be intellectual property from Razer had been listed for sale on a popular hacking forum. When DataBreaches contacted Razer on Saturday to find out if they were aware of the listing and had any comment, a spokesperson responded that they were aware of a potential breach and were investigating. The forum listing was picked up on Twitter on Sunday and from there, some Singapore news outlets have reported on the claims.
Today, DataBreaches can provide some additional details about the incident after hearing from the hacker over the weekend.
According to the individual who used a Jabber account that had been linked to IntelBroker, he hacked Razergold.com, pointing DataBreaches to a specific shodan.io listing to confirm the breach. When asked how he had gained access, he responded that he:
“stole access. bitbucket creds. then I just git clone the repos. stole like much stuff”
(Writing and errors as in the original)
When asked whether he had made contact with Razer and whether there was any negotiation going on about the $100k he was seeking, the hacker said he had not contacted the firm at all and wasn’t trying to extort them. He was just looking to sell the data.
As of yesterday, he had not received any offers, but noted that the forum is small, “so no big buyers yet.” He added that the forum is quiet on weekends, but on weekdays, it is popular.
Although DataBreaches heard from a known Jabber account and it seems likely the individual is the hacker, attribution must be considered a bit tentative.
IntelBroker had disappeared from the original BreachForums in March after listing the DC Health Links data that made headlines in the U.S. because it affected members of Congress. IntelBroker issued a self-ban and disappeared from the forum, later telling people, including DataBreaches, that he was concerned that the government and FiveEyes were trying to hunt him down. There have been claims he fled to Russia.
DataBreaches did not attempt to verify that the person using the Jabber account was either IntelBroker or anyone else, although the writing sounded like his.
As for Razer, their most recent statement to DataBreaches this morning read:
We were alerted to a potential hack on July 8, 2023 impacting Razer Gold. Upon learning about the breach, the team immediately conducted a thorough review of all Razer’s websites and have taken all necessary steps to secure our platforms. Razer is still in the midst of investigations, and we remain committed to ensuring the digital safety and security of all our customers. Once investigations have concluded, Razer anticipates that we will report this matter to the relevant authorities.
Correction and Update: Certain statements were edited post-publication because this site really can’t verify who contacted us using that Jabber account.