In the case of Zotac, attachments uploaded by the customers as part of their RMA process were publicly available. Enough to google someone's name and get a PDF as a result (proof of purchase, invoices, RMA status updates etc.). And those PDFs could contain full names, addresses, phone numbers, and emails. What, when, and for how much something was bought (e.g. a proof of purchase for an RTX 3090 will show when I bought the card, in which shop, and for how much).

Gamers Nexus video
Tom's Hardware news post

In the case of MSI, an issue with the intranet configuration server made a whole database of RMAs for the past 6-7 years publicly available. RMA numbers, customer emails, status, request date, and address were all there in plain text.

Gamers Nexus video

Both companies already fixed the issues, but we can't know if (or how much of) it was downloaded by scammers that will either use it for targeted scams or try to sell it on the darknet. As the source is patched, it's no longer possible to "google yourself" and see if your data was compromised, so I would assume that if someone had an RMA with Zotac or MSI it was compromised. So keep an eye on any "too good to be true" RMA offers. Like giving you a new card if you just pay a $100 fee for the upgrade. Or "just send us your stuff to this shifty-looking address, and we will post a shiny new item ASAP".

Gamers Nexus also makes a good point about redacting information that is not necessary when sending proof. If I RMA a GPU that I bought, I don't need to leave my address, phone number, card number, email etc. in the purchase PDF. And if you redact a field that they actually need, they will ask you to submit it again.

1 month ago


I suspect a lawsuit against MSI will happen soon from this, there is just no excuse for that... While a good chunk of those RMAs will be B2B and EDU cases, there is still a significant number of individual users who will be affected.

Zotac has the benefit that it wasn't as easy to get everything.

1 month ago

I wonder how they will handle this in the context of GDPR, if any European customers were affected. They have to inform affected people that their data was leaked.

While MSI provided a useful button to simply export everything to Excel, it would not be hard for a bad actor to crawl through the Zotac database either, using a previously leaked database of email addresses or actual names from social media to query it, and downloading any hit that would be returned.

1 month ago

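The crawl described in the comment above has a recognisable shape in a web server's access log: one client working through a list of other people's names or e-mail addresses as search terms, in quick succession, with a mix of hits and misses, while a real customer looks up one RMA a couple of times. The following is an added example, not code from this thread or from either vendor, that flags that pattern over constructed log lines. The /rma/search endpoint, its q= parameter, the client addresses and the thresholds (5 distinct terms inside 60 seconds) are all assumptions standing in for whatever the real portal exposes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlparse

# Constructed access-log lines in the common combined layout. /rma/search with a
# q= parameter is a hypothetical document-search endpoint; the client addresses
# come from documentation ranges, not real hosts. 203.0.113.7 walks a list of
# e-mail addresses; 198.51.100.4 is a customer checking their own RMA.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2024:09:00:01 +0000] "GET /rma/search?q=a.adams%40example.com HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jul/2024:09:00:03 +0000] "GET /rma/search?q=b.baker%40example.com HTTP/1.1" 404 312
203.0.113.7 - - [10/Jul/2024:09:00:05 +0000] "GET /rma/search?q=c.clark%40example.org HTTP/1.1" 200 4880
203.0.113.7 - - [10/Jul/2024:09:00:07 +0000] "GET /rma/search?q=d.davis%40example.net HTTP/1.1" 200 5012
203.0.113.7 - - [10/Jul/2024:09:00:09 +0000] "GET /rma/search?q=e.evans%40example.com HTTP/1.1" 404 312
203.0.113.7 - - [10/Jul/2024:09:00:11 +0000] "GET /rma/search?q=f.fox%40example.com HTTP/1.1" 200 4990
203.0.113.7 - - [10/Jul/2024:09:00:13 +0000] "GET /rma/search?q=g.green%40example.com HTTP/1.1" 404 312
203.0.113.7 - - [10/Jul/2024:09:00:15 +0000] "GET /rma/search?q=h.hill%40example.com HTTP/1.1" 200 5100
198.51.100.4 - - [10/Jul/2024:09:02:40 +0000] "GET /rma/search?q=RMA-2024-0031 HTTP/1.1" 200 5010
198.51.100.4 - - [10/Jul/2024:09:02:41 +0000] "GET /rma/doc/RMA-2024-0031.pdf HTTP/1.1" 200 81234
198.51.100.4 - - [10/Jul/2024:09:15:02 +0000] "GET /rma/search?q=RMA-2024-0031 HTTP/1.1" 200 5010
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m["target"])
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": url.path,
        # parse_qs also percent-decodes, so %40 becomes @
        "q": parse_qs(url.query).get("q", [""])[0],
        "status": int(m["status"]),
    }


def find_enumerators(log_text, search_path="/rma/search",
                     window=timedelta(seconds=60), min_distinct=5):
    """Flag clients that hit the search endpoint with many distinct terms
    inside one time window. Returns {ip: summary of the busiest window}."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] == search_path and rec["q"]:
            by_ip[rec["ip"]].append(rec)

    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # slide the window start forward until the span fits in `window`
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            span = recs[start:end + 1]
            distinct = {r["q"] for r in span}
            if len(distinct) < min_distinct:
                continue
            if ip not in alerts or len(distinct) > alerts[ip]["distinct_queries"]:
                alerts[ip] = {
                    "ip": ip,
                    "distinct_queries": len(distinct),
                    "requests": len(span),
                    # a high hit ratio means the list being walked is good
                    "hits": sum(1 for r in span if r["status"] == 200),
                    "first": span[0]["ts"],
                    "last": span[-1]["ts"],
                }
    return alerts


if __name__ == "__main__":
    for summary in find_enumerators(SAMPLE_LOG).values():
        print(summary)
```

The point of counting distinct terms rather than raw requests is that a customer refreshing their own RMA page many times stays under the threshold, while a script feeding a leaked address list trips it after a handful of lookups. The natural responses are rate limiting per client, requiring the customer to be logged in before any document is searchable, and never having the documents reachable by a guessable name in the first place.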

In the case of Zotac attachments uploaded by the customers as part of their RMA process were publicly available. Enough to google someone's name and get a PDF as a result (proof of purchase, invoices, RMA status updates etc.). And those PDF could contain full names, addresses, phone numbers, and emails. What, when, and for how much something was bough

I mean... seriously? I understand data breaches and hackers getting into stuff, but their data was not even secure enough that Google couldn't get into it? They really should be severely punished for that kind of carelessness.

1 month ago

Like one of the Zotac partners eloquently said to Gamers Nexus:

"If I can Google search my own credit memos... what the f*** is this? How can you be so insecure? How can you run a business like this?"

A credit memo is a contraction of the term "credit memorandum," which is a document issued by the seller of goods or services to the buyer, reducing the amount that the buyer owes to the seller under the terms of an earlier invoice. A credit memo may be issued because the buyer returned goods to the seller, or there is a pricing dispute, or a marketing allowance, or other reasons under which the buyer will not pay the seller the full amount of the invoice.

Note added because I did not know what a credit memo is, so more people may not know what it is.

1 month ago

Yeah I'm absolutely stunned and I can't imagine how stunned I would be if I had money in that business.
Everyone makes mistakes, and we all know things can fall through the cracks of technical support, IT and other departments, but that's why there should be redundancy after redundancy and multiple checks across the board, including data security auditing by external consultants.

Note added because I did not know what a credit memo is, so more people may not know what it is.

Heh, I worked in finance in a previous life so I know about it, but I am fairly sure most people I went to business school with wouldn't know what a credit memo is, so it was a helpful detail.

1 month ago

Note was to "general public", not you in particular :D

4 weeks ago

No no, I got it. I just meant you did good, because even people who studied with me in business school have no idea about that kind of thing unless they worked in that specific part of a business.

4 weeks ago

The trick to never fall for any of those scam offers is to never have any money in the 1st place ¯\_(ツ)_/¯

1 month ago

If you have no money, you won't have a phone they can call to scam you. Good thinking :thinking:

4 weeks ago

Pro player tip: I always answer my phone on scam calls and set the phone down; they hang up after x amount of time. I hardly ever get scam calls now, like 2-3 times a month.

4 weeks ago

Pro tip: never answer the phone unless you're expecting a call (a technician for x service coming to your home, a delivery being delivered that day, a follow-up call with a company, etc.).

you will basically never get called.

4 weeks ago

I was thinking about buying a laptop for development purposes from MSI, guess that's off the table...

1 month ago

This news doesn't mean Asus, Apple or HP won't have the same issue tomorrow 😅 I would prioritize things like repairability or work culture. With security, the question is always when another company will fail to protect customer data, not if it will happen.

More like a shout-out to people who may be affected to be more careful, and for the rest of us to pay more attention to what unnecessary data we share all the time. People are uploading whole Amazon shopping carts as evidence that they bought one item from the provided list. Like it would be so hard to use Paint and censor the screenshot.

4 weeks ago*

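Redacting the proof of purchase before uploading it, as the first post and the comment above both suggest, can be done mechanically rather than by hand in Paint. The following is an added example, not code from this thread or from either vendor, that strips the fields an RMA desk does not need (name, address, phone, e-mail, card number) from a constructed invoice text and keeps the ones it does (shop, invoice number, purchase date, item, serial number, price). The sample invoice, its field labels and the regular expressions are assumptions about one invoice layout; real invoices vary, so the findings list is there for you to check what was and was not caught before sending.

```python
import re

# Constructed sample invoice text, standing in for the text layer of a
# proof-of-purchase PDF. The shop, person, numbers and serial are made up;
# the card number is a well-known test number that passes the Luhn check.
SAMPLE_INVOICE = """\
ACME Computer Store - Tax Invoice INV-2021-00417
Date: 2021-03-12
Bill to: Jane Example
    12 Example Street
    Springfield 12345
Phone: +1 555 010 2233
Email: jane.example@example.com
Payment: VISA 4111 1111 1111 1111 (exp 03/24)
Item: ZOTAC GeForce RTX 3090 Trinity, S/N ZT-A30900D-10P-XXXX
Qty 1   Price 1,799.00 EUR
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13-19 digits with optional space/dash separators; confirmed with Luhn before
# redacting so a long serial or invoice number is not mistaken for a card.
CARD_RE = re.compile(r"(?<![\w-])(?:\d[ -]?){12,18}\d(?![\w-])")
# Phone candidates: optional +, then digits with separators. The lookbehind
# stops the pattern eating the tail of identifiers such as INV-2021-00417;
# the digit count in _phone() keeps dates like 2021-03-12 intact.
PHONE_RE = re.compile(r"(?<![\w-])\+?\d[\d \t().-]{7,18}\d(?![\w-])")


def luhn_ok(digits):
    """Standard Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_proof_of_purchase(text):
    """Return (redacted_text, findings); findings is a list of (kind, value)."""
    findings = []

    def _card(m):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            findings.append(("card", m.group(0)))
            return "[CARD REDACTED]"
        return m.group(0)

    def _phone(m):
        digits = re.sub(r"\D", "", m.group(0))
        if 9 <= len(digits) <= 15:
            findings.append(("phone", m.group(0)))
            return "[PHONE REDACTED]"
        return m.group(0)

    def _email(m):
        findings.append(("email", m.group(0)))
        return "[EMAIL REDACTED]"

    out = []
    in_address = False
    for line in text.splitlines():
        lower = line.lower()
        if lower.startswith("bill to:") or lower.startswith("ship to:"):
            label, _, name = line.partition(":")
            findings.append(("name", name.strip()))
            out.append(f"{label}: [NAME REDACTED]")
            in_address = True      # indented lines that follow are the address
            continue
        if in_address and line[:1].isspace():
            findings.append(("address", line.strip()))
            out.append("    [ADDRESS REDACTED]")
            continue
        in_address = False
        line = CARD_RE.sub(_card, line)     # cards first: they look like phones
        line = EMAIL_RE.sub(_email, line)
        line = PHONE_RE.sub(_phone, line)
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    redacted, found = redact_proof_of_purchase(SAMPLE_INVOICE)
    print(redacted)
    for kind, value in found:
        print(f"removed {kind}: {value}")
```

Two practical notes. A redaction like this only helps if it is applied to what is actually uploaded: for a PDF, regenerate the document from the redacted text or rasterise the page, because covering text with a black box in a PDF editor, or deleting it from one layer, can leave the original recoverable from the file. And the name is the one field the RMA desk may genuinely want to match against the RMA request, so expect to be asked to re-submit it if their process requires it; the card number, address and phone number are never needed to prove that a card was bought.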

Of course, but there are limited options that make laptops with decent graphics cards for gaming. Repairability is a big concern since I started following people like Louis Rossmann. I don't want to be stuck with an expensive paperweight if it can't be repaired.

4 weeks ago

Happy Cake Day!

And props for following Blueberry Louis videos 🐈

3 weeks ago
