Laptop {hardware} producer Cooler Grasp has suffered a data breach after a risk actor breached the corporate’s web site and claimed to steal the Fanzone member info of 500,000 clients.
Cooler Grasp is a {hardware} producer based mostly in Taiwan that’s recognized for its laptop circumstances, cooling gadgets, gaming chairs, and different laptop peripherals.
Yesterday, a risk actor by the alias ‘Ghostr’ contacted BleepingComputer and claimed to have stolen 103 GB of information from Cooler Grasp on Might 18th, 2024.
“This data breach included cooler grasp company, vendor, gross sales, guarantee, stock and hr information in addition to over 500,000 of their fanzone members private info, together with title, handle, date of delivery, cellphone, e mail + plain unencrypted bank card info containing title, bank card quantity, expiry and three digits cc code,” the risk actor informed BleepingComputer.
Cooler Grasp’s Fanzone web site is used to register a product’s guarantee, submit return merchandise authorization (RMA) requests, contact assist, and register for information updates.
In a dialog with BleepingComputer, Ghostr informed BleepingComputer that the info was stolen by breaching one of many firm’s front-facing web sites, permitting them to obtain quite a few databases, together with the one containing Fanzone info.
The risk actor stated they tried to contact the corporate for cost to not leak or promote the info, however Cooler Grasp didn’t reply.
Nevertheless, they did share a hyperlink to a small pattern of allegedly stolen information within the type of comma-separated values recordsdata (CSV) that seem to have been exported from Cooler Grasp’s Fanzone web site.
Supply: BleepingComputer
These CSV recordsdata include all kinds of information, together with product, vendor, buyer, and worker info.
One of many recordsdata incorporates roughly 1,000 data of what look like current buyer assist tickets and RMA requests, which embody clients’ names, e mail addresses, date of delivery, bodily addresses, cellphone numbers, and IP addresses.
BleepingComputer has confirmed with quite a few Cooler Grasp clients on this file that the listed information is right and that they opened an RMA or assist ticket on the date specified within the leaked pattern.
Whereas the knowledge on this RMA information is confirmed to be legit for the purchasers who responded to our emails, BleepingComputer was unable to confirm the opposite information.
Nevertheless, BleepingComputer might discover no proof in these recordsdata that bank card info was stolen as claimed by the risk actor.
The risk actor says they’ll promote the info sooner or later however has but to decide on the value.
BleepingComputer tried to contact Cooler Grasp about this breach quite a few instances however didn’t obtain a reply to our emails.
