Cooler Master Data Breach Allegedly Exposes Details Of Half A Million Customers To Hackers

Cooler Master Masterliquid ML240L RGB installed in a PC (closeup of the pump on the CPU)
Registered members of Cooler Master's Fanzone program should be on extra high alert for phishing attempts and other cyber shenanigans, like unusual (and otherwise unexpected) credit card charges. That's because a hacker purportedly managed to breach Cooler Master's website and ransack a boatload of data containing personal details for some 500,000 customers.

For those who are unfamiliar with Fanzone, it's basically part of Cooler Master's product registration program—when you register a Cooler Master product (like one of its new gaming chairs), you're enrolled into Fanzone, which unlocks the full warranty (if applicable) and comes with several perks, such as special offers and access to member-only events and campaigns. Fanzone is also used to process RMA requests.

While Cooler Master itself hasn't commented on the data breach, a hacker who goes by the alias 'Ghostr' claims to have infiltrated one of the company's front-facing websites and downloaded several databases. Ghostr purportedly was able to lift 103GB of data containing a treasure trove of customer information.

Screenshot of Cooler Master's Fanzone site.

"This data breach included Cooler Master corporate, vendor, sales, warranty, inventory, and HR data as well as over 500,000 of their Fanzone members' personal information, including name, address, date of birth, phone, email + plain unencrypted credit card information containing name, credit card number, expiry, and 3 digits CC code," Ghostr said in a statement to BleepingComputer.

What's perhaps most startling about the breach is that the hacker allegedly managed to swipe pertinent credit card details, including all-important credit card identification codes, those three-digit numbers on the backs of cards that are used to validate purchases. Those numbers exist to prevent fraud, but if stolen, could help actually assist with making fraudulent charges.

The folks at Bleeping Computer say they took a gander at a small sample of stolen data provided by Ghostr, and then verified with several impacted customers that at least some of the information is legitimate. All of the customers contacted stated they did indeed open a support or RMA ticket on dates listed in the leaked sample.

Offering a glimmer of hope to those impacted, the site says it was unable to verify any of the other supposedly stolen data, including credit card details. So it's possible that the hacker is overstating the situation in hopes of extorting a ransom from Cooler Master.

In any event, if you've ever registered a product with Cooler Master or otherwise provided personal details to the customers, keep your head on a swivel.