Cooler Master Hit By Data Breach Exposing Customer Information (bleepingcomputer.com) 15
Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19 after a threat actor breached the company's website, stealing the Fanzone member information of 500,000 customers. BleepingComputer reports: [A] threat actor known as 'Ghostr' told us they hacked the company's Fanzone website on May 18 and downloaded its linked databases. Cooler Master's Fanzone site is used to register a product's warranty, request an RMA, or open support tickets, requiring customers to fill in personal data, such as names, email addresses, addresses, phone numbers, birth dates, and physical addresses. Ghostr said they were able to download 103 GB of data during the Fanzone breach, including the customer information of over 500,000 customers.
The threat actor also shared data samples, allowing BleepingComputer to confirm with numerous customers listed in the breach that their data was accurate and that they recently requested support or an RMA from Cooler Master. Other data in the samples included product information, employee information, and information regarding emails with vendors. The threat actor claimed to have partial credit card information, but BleepingComputer could not find this data in the data samples. The threat actor now says they will sell the leaked data on hacking forums but has not disclosed the price. Cooler Master said in a statement to BleepingComputer: "We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols. We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process."
The threat actor also shared data samples, allowing BleepingComputer to confirm with numerous customers listed in the breach that their data was accurate and that they recently requested support or an RMA from Cooler Master. Other data in the samples included product information, employee information, and information regarding emails with vendors. The threat actor claimed to have partial credit card information, but BleepingComputer could not find this data in the data samples. The threat actor now says they will sell the leaked data on hacking forums but has not disclosed the price. Cooler Master said in a statement to BleepingComputer: "We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols. We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process."
The real problem (Score:2)
The real problem: Another business can use our data for free.
Re: (Score:2)
This is why I give fake biographical information to stupid sites that don't need it. I've been 25 for as long as they've asked these stupid things.
They can get a throw away email intended for spam, a random user name if needed, and everything else is fake.
If and only if I am ordering directly from them then they get my address for obvious reasons. The rest still fake or purchased as a guest if possible.
Re: (Score:2)
The rest still fake ...
I did that too: But now, payment services (*** Cough *** ... PayPal ...) check the details match a real name.
Re: (Score:2)
Oooh noooo, don't use PayPal if you have any other choice!
I use my credit card for purchases. There are numerous benefits and none of the PayPal risks and flaws. I even get 2% cash back.
I had to pay a lawyer and a cpa through PayPal. That was their only payment method. :-( But no one else ever. And even then it was ultimately just a pass through to my cc anyway. Everything else is direct to cc.
If you're making a purchase the buyer has to know who you are 99% of the time anyway.
Re: (Score:2)
Remind me, why are transaction fees so high again?
the buyer has to know who you are 99% of the time
No they don't. They only need to know my address if I am having something delivered. If I am buying retail day to day items they don't need to know shit.
Any lawyer or cpa that restricts to paypal only is a huge red flag.
Re: (Score:2)
I'm talking online deliveries so yeah they need my address and name. The fees are so high because they can be. I figure my 2% is a good chunk of what the seller is passing through so in effect other people are eating a lot of the cc convenience fees. I regularly check for higher cash back but they always have some gotcha for anything over 2%.
My cpa and lawyer are/were both fucking fantastic but very low tech. CPA guy is super responsive and has saved me ridiculous amounts of money and lawyer gal was ver
Re: (Score:2)
Lol, we're birthday bros! I was born same day in a different year!
And it's weird how none of my fb friends ever wish me a happy birthday, either. What if I really was born on Jan 1? :-)
Re: (Score:2)
I wonder if any websites run metrics on birthdays? How large is the peak for 1/1/1970?
What's with the " actor" language? (Score:3)
Re: (Score:3)
Aside from the general practice of using broad language in the early stages of an investigation to avoid prematurely narrowing the scope of the investigation, another reason might be avoiding the use of pejorative language prior to any lawsuits. If I defame a party as an "attacker" or "(malicious) hacker" and they didn't do anything to me, they can try to sue me for defamation.
and doubt they will claim (Score:2)
maybe? (Score:3)
Crazy take here I know, but maybe at some point someone should ask why every company has to have personal information in the first place, I mean, AT ALL?
If I'm buying your CPU cooler (and I like Cooler Master, btw), I hand you MONEY which is a fungible method of converting work-value to a tradeable token.
You take that money, give me the thing I buy or ship it to the place I say.
Why the FUCK would you (Cooler master) need to know ANYTHING about me? Even my name is immaterial to the transaction, much less anything else about me.
Firefox Relay (Score:2)
Firefox Relay [firefox.com] lets you use fake email addresses that still forward to your real address so you can use them to sign up for things without giving out your info. For $5/month you get your own email domain (@username.mozmail.com), as well as a fake phone number that forwards to your real phone. You don't have to give your real contact information out to anyone for just $60/year.
Add in a Yubikey [yubico.com] for another $60 for secure 2FA and you've gone a long way to securing your online presence.
Re: (Score:2)