Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19, allowing a threat actor to steal customer data.
Cooler Master is a popular computer hardware manufacturer known for their cooling devices, computer cases, power supplies, and other peripherals.
BleepingComputer reported yesterday that a threat actor known as ‘Ghostr’ told us they hacked the company’s Fanzone website on May 18 and downloaded its linked databases.
Cooler Master’s Fanzone site is used to register a product’s warranty, request an RMA, or open support tickets, requiring customers to fill in personal data, such as names, email addresses, addresses, phone numbers, birth dates, and physical addresses.
Ghostr said they were able to download 103 GB of data during the Fanzone breach, including the customer information of over 500,000 customers.
The threat actor also shared data samples, allowing BleepingComputer to confirm with numerous customers listed in the breach that their data was accurate and that they recently requested support or an RMA from Cooler Master.
Other data in the samples included product information, employee information, and information regarding emails with vendors. The threat actor claimed to have partial credit card information, but BleepingComputer could not find this data in the data samples.
After contacting Cooler Master on Tuesday, the company has confirmed to BleepingComputer that they suffered a data breach and are in the process of notifying customers.
“We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols.
We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process.”
❖ Cooler Master
The threat actor now says they will sell the leaked data on hacking forums but has not disclosed the price.
While only a limited amount of data has been shared by the threat actor, if there is indeed information about 500,000 Cooler Master customers, then there is a good chance it will be sold to another threat actor.
Therefore, all Cooler Master customers who have registered an account on the company’s Fanzone site should be on the lookout for targeted phishing emails and other social engineer attacks designed to steal further personal information.