Retail & Commerce / Gaming Hardware / Custom controller manufacturer and direct retailer / United States (global sales)
Maker of high-performance custom gaming controllers (now part of Corsair), popular with competitive console and PC gamers.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
In 2015, Scuf Gaming suffered a data breach exposing roughly 128,683 accounts, later indexed by Have I Been Pwned. Exposed data included email addresses, usernames, display names, IP addresses and hashed passwords. (Scuf was also hit by a separate 2020 exposure of a 1.1M-record development database and a 2021 payment-skimming attack; this entry corresponds to the 2015 account dataset.)
Full threat analysis, exploitation vectors, and principal guidance below.
9 additional sections · verified field analysis · defensive doctrine
128.7k records analyzed
Scuf Gaming is a maker of high-performance custom gaming controllers designed for competitive console and PC play, known for paddle-equipped and customizable designs. A US-based brand now part of Corsair, it sells directly to gamers online and holds patents central to the pro-controller market.
As a direct-to-consumer hardware retailer, Scuf Gaming holds customer-account records including email addresses, usernames and display names, IP addresses and hashed passwords, along with order data collected through its web store and community accounts.
A Scuf Gaming dataset of about 128,683 accounts originating from a 2015 breach circulates and was (re)indexed by Have I Been Pwned; Scuf separately experienced a 2020 exposure of a development database and a 2021 web-skimming incident. The brand continues to operate under Corsair.
The 2015 exposure primarily creates credential and account-security risk for Scuf's gaming customer base, and the dataset's continued circulation keeps it available for credential-stuffing years later. It contributed to a pattern of security incidents that has drawn scrutiny of the brand's data protection.
A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation