I suspect a lawsuit against MSI will happen soon from this, there is just no excuse for that... while a good chunk of those RMAs will be B2B and EDU cases, still a significant number of individual users that will be affected.
Zotac has the benefit that it wasn't as easy to get everything.
I wonder how they will handle this in the context of GDPR, if any European customers were affected. They have to inform affected people that their data was leaked.
While MSI provided a useful button to simply export everything to Excel, it would not be hard for a bad actor to crawl through the Zotac database. Using either previously leaked database of email addresses or actual names from social media to crawl the database, and download any hit that would be returned.
In the case of Zotac attachments uploaded by the customers as part of their RMA process were publicly available. Enough to google someone's name and get a PDF as a result (proof of purchase, invoices, RMA status updates etc.). And those PDFs could contain full names, addresses, phone numbers, and emails. What, when, and for how much something was bough
I mean... seriously? I understand data breaches and hackers getting into stuff but their data was not even secure enough that google couldn't get into it? They really should be severely punished for that kind of carelessness.
Like one of the Zotac partners eloquently said to Gamers Nexus:
"If I can Google search my own credit memos... what the f*** is this? How can you be so insecure? How can you run a business like this?"
A credit memo is a contraction of the term "credit memorandum," which is a document issued by the seller of goods or services to the buyer, reducing the amount that the buyer owes to the seller under the terms of an earlier invoice. A credit memo may be issued because the buyer returned goods to the seller, or there is a pricing dispute, or a marketing allowance, or other reasons under which the buyer will not pay the seller the full amount of the invoice.
Note because I did not know what credit memo is, so more people may not know what it is
Yeah I'm absolutely stunned and I can't imagine how stunned I would be if I had money in that business.
Everyone makes mistakes and we all know things can fall through the cracks of technical support, IT and other departments but that's why there should be redundancy after redundancy and multiple checks across the board, including data security auditing by external consultants.
Note because I did not know what credit memo is, so more people may not know what it is
Heh I worked in finance in a previous life so I know about it but I am fairly sure most people I went to business school with wouldn't know what a credit memo is so it was a helpful detail.
the trick to never fall for any of those scam offers is to never have any money in the 1st place ¯_(ツ)_/¯
pro player tip, always answer my phone on scam calls and set the phone down, they hang up after x amount of time. hardly ever get scam calls now. like 2 3 times a month i will get scam calls now
I was thinking about buying a laptop for development purposes from MSI, guess that's off the table...
This news doesn't mean Asus, Apple or HP won't have the same issue tomorrow 😅 I would prioritize things like repairability or work culture. With security, the question is always when another company will fail to protect customer data, not if it will happen.
More like a shout-out to people who may be affected to be more careful, and rest to pay more attention to what unnecessary data we share all the time. People are uploading whole Amazon shopping carts as evidence that they bought one item from the provided list. Like it would be so hard to use paint and censor the screenshot.
Of course, but there are limited options that make laptops with decent graphics cards for gaming. Repairability is a big concern since I started following people like Louis Rossmann. I don't want to be stuck with an expensive paperweight if it can't be repaired.
In the case of Zotac attachments uploaded by the customers as part of their RMA process were publicly available. Enough to google someone's name and get a PDF as a result (proof of purchase, invoices, RMA status updates etc.). And those PDFs could contain full names, addresses, phone numbers, and emails. What, when, and for how much something was bought (e.g. proof of purchase for RTX 3090 will show when I bought the card, in which shop, and for how much).
Gamers Nexus video
Tom's Hardware news post
In the case of MSI, an issue with the intranet configuration server made a whole database of RMAs for the past 6-7 years publicly available. RMA numbers, customer emails, status, request date, and address were all there in plain text.
Gamers Nexus video
Both companies already fixed the issues, but we can't know if (or how much) of it was downloaded by scammers that will either use it for targeted scams or try to sell it on the darknet. As the source is patched it's no longer possible to "google yourself" and see if data was compromised, so I would assume if someone had RMA with Zotac or MSI it was compromised. So keep an eye on any "too good to be true" RMA offers. Like giving you a new card if you just pay a $100 fee for the upgrade. Or just send us your stuff to this shifty-looking address, and we will post a shiny new item ASAP.
Gamers Nexus also makes a good point about redacting information that is not necessary when sending proof. If I RMA a GPU that I bought, I don't need to leave in the PDF of the purchase my address, phone number, card number, email etc. And if you redact a field that they actually need they will ask to submit it again.