Cooler Grasp hit by knowledge breach exposing buyer data

Laptop {hardware} producer Cooler Grasp has suffered a knowledge breach after a menace actor breached the corporate’s web site and claimed to steal the Fanzone member data of 500,000 prospects.

Cooler Grasp is a {hardware} producer primarily based in Taiwan that’s identified for its laptop circumstances, cooling gadgets, gaming chairs, and different laptop peripherals.

Yesterday, a menace actor by the alias ‘Ghostr’ contacted BleepingComputer and claimed to have stolen 103 GB of information from Cooler Grasp on Might 18th, 2024.

“This data breach included cooler master corporate, vendor, sales, warranty, inventory and hr data as well as over 500,000 of their fanzone members personal information, including name, address, date of birth, phone, email + plain unencrypted credit card information containing name, credit card number, expiry and 3 digits cc code,” the menace actor advised BleepingComputer.

Cooler Grasp’s Fanzone website is used to register a product’s guarantee, submit return merchandise authorization (RMA) requests, contact assist, and register for information updates.

In a dialog with BleepingComputer, Ghostr advised BleepingComputer that the information was stolen by breaching one of many firm’s front-facing web sites, permitting them to obtain quite a few databases, together with the one containing Fanzone data.

The menace actor stated they tried to contact the corporate for fee to not leak or promote the information, however Cooler Grasp didn’t reply.

Nonetheless, they did share a hyperlink to a small pattern of allegedly stolen knowledge within the type of comma-separated values information (CSV) that seem to have been exported from Cooler Grasp’s Fanzone website.

Samples of stolen data
Samples of stolen knowledge
Supply: BleepingComputer

These CSV information comprise all kinds of information, together with product, vendor, buyer, and worker data.

One of many information incorporates roughly 1,000 data of what look like latest buyer assist tickets and RMA requests, which embody prospects’ names, e mail addresses, date of beginning, bodily addresses, telephone numbers, and IP addresses.

BleepingComputer has confirmed with quite a few Cooler Grasp prospects on this file that the listed knowledge is appropriate and that they opened an RMA or assist ticket on the date specified within the leaked pattern.

Whereas the data on this RMA knowledge is confirmed to be respectable for the purchasers who responded to our emails, BleepingComputer was unable to confirm the opposite knowledge.

Nonetheless, BleepingComputer may discover no proof in these information that bank card data was stolen as claimed by the menace actor.

The menace actor says they’ll promote the information sooner or later however has but to decide on the value.

BleepingComputer tried to contact Cooler Grasp about this breach quite a few occasions however didn’t obtain a reply to our emails.

Recent articles

Researchers Warn of Privilege Escalation Dangers in Google’s Vertex AI ML Platform

Nov 15, 2024Ravie LakshmananSynthetic Intelligence / Vulnerability Cybersecurity researchers have...

How AI Is Reworking IAM and Id Safety

Lately, synthetic intelligence (AI) has begun revolutionizing Id Entry...

Vietnamese Hacker Group Deploys New PXA Stealer Focusing on Europe and Asia

Nov 15, 2024Ravie LakshmananMalware / Credential Theft A Vietnamese-speaking risk...

Excessive-Severity Flaw in PostgreSQL Permits Hackers to Exploit Surroundings Variables

Nov 15, 2024Ravie LakshmananVulnerability / Database Safety Cybersecurity researchers have...