Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers.
Cooler Master is a hardware manufacturer based in Taiwan that is known for its computer cases, cooling devices, gaming chairs, and other computer peripherals.
Yesterday, a threat actor by the alias 'Ghostr' contacted BleepingComputer and claimed to have stolen 103 GB of data from Cooler Master on May 18th, 2024.
Cooler Master's Fanzone site is used to register a product's warranty, submit return merchandise authorization requests, contact support, and register for news updates.
In a conversation with BleepingComputer, Ghostr told BleepingComputer that the data was stolen by breaching one of the company's front-facing websites, allowing them to download numerous databases, including the one containing Fanzone information.
The threat actor said they attempted to contact the company for payment not to leak or sell the data, but Cooler Master did not respond.
They did share a link to a small sample of allegedly stolen data in the form of comma-separated values files that appear to have been exported from Cooler Master's Fanzone site.
These CSV files contain a wide variety of data, including product, vendor, customer, and employee information.
One of the files contains approximately 1,000 records of what appear to be recent customer support tickets and RMA requests, which include customers' names, email addresses, date of birth, physical addresses, phone numbers, and IP addresses.
BleepingComputer has confirmed with numerous Cooler Master customers in this file that the listed data is correct and that they opened an RMA or support ticket on the date specified in the leaked sample.
While the information in this RMA data is confirmed to be legitimate for the customers who responded to our emails, BleepingComputer was unable to verify the other data.
BleepingComputer could find no evidence in these files that credit card information was stolen as claimed by the threat actor.
The threat actor says they will sell the data in the future but has yet to choose the price.
BleepingComputer attempted to contact Cooler Master about this breach numerous times but did not receive a reply to our emails.
First American December data breach impacts 44,000 people.
Nissan North America data breach impacts over 53,000 employees.
Dell warns of data breach, 49 million customers allegedly affected.
DocGo discloses cyberattack after hackers steal patient health data.
Dropbox says hackers stole customer data, auth secrets from eSignature service.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 29 May 2024 21:10:29 +0000