Computer hardware manufacturer Cooler Master has fallen victim to a significant data breach, with a threat actor claiming to have accessed and stolen the Fanzone member information of 500,000 customers. The breach, orchestrated by an actor known as ‘Ghostr’, involved breaching Cooler Master’s website and extracting a vast amount of data, including personal information and plain unencrypted credit card details. Despite attempts to contact Cooler Master for payment in exchange for not leaking or selling the stolen data, the company did not respond to the threat actor’s demands.
Cooler Master, based in Taiwan, is renowned for its wide range of computer peripherals, including cases, cooling devices, gaming chairs, and more. The breach, which occurred on May 18th, 2024, compromised various databases containing corporate, vendor, sales, warranty, inventory, and human resources data, in addition to the Fanzone member information. The Fanzone site, used for product warranty registration, support requests, and news updates, was exploited by the threat actor to gain access to sensitive customer data.
Despite Cooler Master customers confirming the legitimacy of some of the leaked data, there was no evidence in the files to suggest that credit card information was compromised, contrary to the threat actor’s claims. However, the threat actor intends to sell the stolen data in the future, although the price has yet to be determined. Cooler Master has not responded to inquiries regarding the breach, leaving affected customers concerned about the security of their personal information and the company’s response to the incident.
