"Cooler Master Hit by Data Breach Exposing Customer Information"

Computer hardware manufacturer Cooler Master has recently suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers.  Yesterday, a threat actor by the alias "Ghostr" contacted BleepingComputer and claimed to have stolen 103 GB of data from Cooler Master on May 18th, 2024.  The threat actor told Bleeping Computer that this data breach included cooler master corporate, vendor, sales, warranty, inventory, and HR data as well as over 500,000 of their fanzone member's personal information, including name, address, date of birth, phone, email, plain unencrypted credit card information containing name, credit card number, expiry, and 3 digits cc code.  Ghostr told BleepingComputer that the data was stolen by breaching one of the company's front-facing websites, allowing them to download numerous databases, including the one containing Fanzone information.  The threat actor said they attempted to contact the company for payment not to leak or sell the data, but Cooler Master did not respond.  BleepingComputer noted that the threat actor did share a link to a small sample of allegedly stolen data in the form of comma-separated values files (CSV) that appear to have been exported from Cooler Master's Fanzone site.  BleepingComputer has confirmed with numerous Cooler Master customers in this file that the listed data is correct and that they opened an RMA or support ticket on the date specified in the leaked sample.  While the information in this RMA data is confirmed to be legitimate for the customers who responded to their emails, BleepingComputer was unable to verify the other data.  BleepingComputer attempted to contact Cooler Master about this breach numerous times but did not receive a reply to their emails.

 

BleepingComputer reports: "Cooler Master Hit by Data Breach Exposing Customer Information"

Submitted by Adam Ekwall on