A SCUF data breach has taken place, exposing 1.1 million customer records including some credit card data.
The breach was discovered by Comparitech, a pro-consumer website made up of more than 30 researchers covering a variety of topics. One of these topics, naturally, is data breaches, and this most recent one involving SCUF looks a bit rough. Thankfully, it's certainly not as bad as it could have been.
What was Exposed in the SCUF Data Breach?
Let's get the big bugbear out of the way: this is the information that Comparitech says was exposed in this data breach:
- 1,128,649 records containing full names, email addresses, billing addresses, shipping addresses, phone numbers, and order histories
- 991,478 records containing payment details including order numbers, partial credit card numbers, credit card expiration dates, order amounts, and transaction IDs
- 754 SCUF Gaming staff records including usernames, full names, encrypted passwords, email addresses, user roles, and session IDs
- 144,379 records with repair order details
What are the Risks to Customers?
One important thing to note is that only "partial credit card numbers" were exposed. Whoever pulled off this data breach didn't manage to get all of the information, so you should be safe from any immediate, easy fraud on the part of the people behind this breach. Most of the records appear to be from 2017–2020.
However, it's possible that the information discovered by the hackers could be used for phishing attempts. Be especially wary of any e-mails purporting to be from SCUF and make sure to monitor your credit card and banking statements for any fraudulent charges.
As an aside, some internal data was also exposed, such as staff logins and internal API data. Employee login sessions were restricted to 24 hours at a time, so that should mitigate any potential damage there. As for the API data, it could potentially be used in future attacks, but SCUF is aware of this and may beef up its security in the future.
SCUF's Statement on the Data Breach
SCUF responded to a request from Comparitech. Here is the company's statement as noted in the article:
"[…] Once notified, we identified the root cause of this exposure and secured the database within two hours. While investigating Mr. Diachenko’s warning, we also discovered that a bot had connected to the database’s server and placed a ransom note there. We have no evidence that either the bot or any other actor was able to misappropriate customer data."
"This issue was specific to one system, being operated off-site due to work-from-home precautions resulting from the current COVID-19 pandemic."
While the SCUF data breach was certainly unfortunate, it could have been much, much worse. Customers will have to be on guard to protect against any phishing scams, but it appears that the most serious possible consequences have been avoided for now.
Were you affected by the SCUF data breach? What do you think about how the company has responded to this incident? Let us know in the comments below!