The data of 500,000 Cooler Master customers was stolen. Sensitive information, including full credit card details, was involved. A hacker captured the data by breaking into the company’s website.
A hacker managed to steal the data of Fanzone members of Cooler Master, reports the website BleepingComputer, which specializes in cybersecurity news. The hacker “Ghostr” contacted the website to report the hack. It is unclear whether the hacker was operating alone.
Unencrypted data in the website
The hacker claimed to have 103 GB of data in the hands of Cooler Master. This includes customer data of 500,000 Fanzone members as well as information from corporate, suppliers, sales, warranty, inventory and HR. The nature of the data is extremely sensitive. It includes names, addresses, dates of birth, phone numbers, e-mail addresses and complete credit card data “including name, credit card number, expiration date and 3-digit CVC code.”
After the break-in, Ghostr sent BleepingComputer a sample of the stolen data to prove its authenticity. This sample included complete customer support calls, including phone numbers, names, and IP addresses. It could not be confirmed whether the hacker stole credit card data.
The hacker accessed the data through a vulnerability on Cooler Master’s Web site. Ghostr stated that the data was not encrypted, making all information immediately accessible.
Customers not informed
Cooler Master is a computer hardware manufacturer. On the Fanzone website, customers can register products for warranty, register products for returns, contact customer service and find the latest updates about the company.
Cooler Master did not officially disclose the data breach, nor did it respond to the hacker’s request to pay money to secure the data. The company’s customers were also not notified and did not receive instructions to prevent possible fraud attempts.
Also read: Data of 560 million Ticketmaster customers stolen by ShinyHunters