A threat actor known as 'Ghostr' told Bleeping Computer that it hacked the company's Fanzone website on May 18 and downloaded its linked databases.
Cooler Master's Fanzone site is used to register a product's warranty, request an RMA, or open support tickets, requiring customers to fill in personal data, such as names, email addresses, addresses, phone numbers, birth dates, and physical addresses.
Ghostr said it downloaded 103 GB of data during the Fanzone breach, including the customer information of over 500,000 customers.
The threat actor also shared data samples, allowing BleepingComputer to confirm with numerous customers listed in the breach that their data was accurate and that they recently requested support or an RMA from Cooler Master.
Other data in the samples included product information, employee information, and information regarding emails with vendors. The threat actor claimed to have partial credit card information, but Bleeping Computer could not find this data in the data samples. The threat actor now says they will sell the leaked data on hacking forums but has not disclosed the price.
Cooler Master said, "We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols. We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process."