Atlanta, GA, April 10, 2020: SCUF Gaming has today concluded an investigation into a potential data exposure that was recently brought to our attention.
On April 2, we were notified by security researcher Bob Diachenko that an internal development database was potentially exposed to the internet. Once notified, we identified the root cause of this exposure and secured the database within two hours. While investigating Mr. Diachenko’s warning, we also discovered that a bot had connected to the database’s server and placed a ransom note there. We have no evidence that either the bot or any other actor was able to misappropriate customer data.
This issue was specific to one system, being operated off-site due to work-from-home precautions resulting from the current COVID-19 pandemic. It contained a database used for customer orders, returns and repairs, along with other non-sensitive customer information. We immediately took action to close off this access.
Please rest assured, there is no risk of exposed customers’ full credit card numbers, credit card CVV numbers, scufgaming.com user names, encrypted customer passwords, or any card information for orders processed via PayPal or other payment methods.
Information in the database did include customers’ name, email address, shipping address, billing address, SCUF order history, and if applicable SCUF returns and repairs history. Only the last four digits of payment cards and payment card expiration dates for orders processed before March 28, 2019 were included.
We understand the importance of our customers’ privacy and security, and are taking immediate steps to directly notify all affected customers. We are also performing an in-depth security audit to test that our other systems and databases remain secure.
We encourage our customers to monitor their personal accounts and email for suspicious activity and be cautious of any unsolicited communications that ask for their personal data or refer you to a web page asking for personal data.
If our customers require further information regarding this data exposure and how they may be affected, they can contact [email protected].
We take the security of the data you entrust to us extremely seriously and are committed to keeping it safe, both now and in the future. We wish to thank Bob Diachenko, security researcher at SecurityDiscovery.com, for his help in bringing this issue to our attention and our IT team for resolving it rapidly.
We hope you stay safe and well in these challenging times with COVID-19.