Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Hacker puts the heat on Cooler Master, claims 103GB of data stolen

A threat actor has claimed to have breached the website of major computer hardware manufacturer Cooler Master, exfiltrating the data of over 500,000 people.

user icon Daniel Croft
Thu, 30 May 2024
Hacker puts the heat on Cooler Master, claims 103GB of data stolen
expand image

The hacker, who goes by the name “GHOSTR” reached out to technology and security publication BleepingComputer, claiming to have breached one of Cooler Master’s websites and exfiltrated over 103 gigabytes of data.

Cooler Master is best known for its manufacturer of PC cases, gaming chairs, fans and cooling systems and more.

As seen by Cyber Daily, GHOSTR listed Cooler Master on infamous hacking forum BreachForums, claiming to have accessed the company’s networks on 18 May this year.

============
============

“This data breach includes Cooler Master corporate, vendor, sales, warranty, inventory and HR data as well as over 500,000 of their fanzone members personal information, including name, address, date of birth, phone, email + plain unencrypted credit card information, including name, credit card number, expiry date and 3 digits CC code,” said GHOSTR in the post.

According to GHOSTR speaking with BleepingComputer, the threat actor exfiltrated a database from Cooler Master’s Fanzone website, which is used for contacting support, registering product warranty, requesting return merchandise authorisation and news updates.

The database was accessed after GHOSTR breached a public-facing website, which allowed for several different databases to be accessed and downloaded.

Accompanying the listing is a list of links to sample CSV data, which was inaccessible by Cyber Daily at the time of writing, but BleepingComputer said the links contain a variety of data types, affecting employees, customers, and vendors and containing product informayion.

The publication found that one file contained over 1,000 records of what seem to be customer support tickets and return merchandise authorisation requests, containing names, emails, birthdays, IP addresses, phone numbers, and physical addresses.

The data also appears to be legitimate, with BleepingComputer saying it confirmed with customers who opened support tickets. Evidence that credit card information was compromised was not found.

GHOSTR also said Cooler Master was contacted with ransom demands but that it did not respond. It now says it will sell the data at a price to be decided at a later date.

Cyber Daily has reached out to Cooler Master for comment.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.