Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption Security

YouTube Investigators Say MSI Exposed 600K+ Warranty Records Via an Open Server 16

ewhac (Slashdot reader #5,844) writes: Friday the hardware review site Gamers Nexus filed a YouTube video report alleging some serious claims: that PC component manufacturer MSI left their internal warranty and RMA processing web site accessible to the open Internet, with no authentication. Virtually the entire history of MSI warranty claims going back to at least 2017 were searchable and accessible for the browsing, including customer names, email addresses, phone numbers, and serial numbers of MSI devices.

This event follows closely on the heels of a video report just a few days earlier alleging PC component manufacturer Zotac left their warranty/RMA and B2B records server open to indexing by Google.

Gamers Nexus posted their reports after informing Zotac and MSI of their open servers and verifying they were no longer accessible. However, the data from MSI's server could have been fully scraped at this point, giving scammers a gold mine of data permitting them to impersonate MSI personnel and defraud customers. Anyone who's filed a warranty or RMA claim with MSI in the past seven years should exercise caution when receiving unsolicited emails or phone calls purporting to be from MSI.
This discussion has been archived. No new comments can be posted.

YouTube Investigators Say MSI Exposed 600K+ Warranty Records Via an Open Server

Comments Filter:
  • "Virtually the entire history of MSI warranty claims going back to at least 2017"
     
    Micro Star (MSI) goes back to 1986, that word "Virtually" is doing a lot of heavy lifting in this sentence

    • by jhoegl ( 638955 )
      Do semantics matter that much to you?
      • Do semantics matter that much to you?

        If the company reporting that exaggeration even one time was labeled as virtually lying every time they write something, yeah. They would certainly see the point when exaggerative bullshit is turned against them.

        Claiming a company’s entire customer history going back forever has been stolen, is a hell of a lot worse than what actually happened. They’re also a public company, so perhaps shareholders should sue lying reporters to drive the point home further.

        • by jhoegl ( 638955 )
          Considering the title is right (and if you knew about the facts, then you would know a large portion is "test" RMAs), then its odd you went for something relative vs something not so relative.

          But hey... just reading summaries someone else wrote is enough I guess.
          • Considering the title is right.

            Since when does a theft of data from 2017-present for a company damn near 40 years old warrant describing the hack using prepended statements like “virtually the entire history of MSI..”?

            Accurate title my ass. It’s shit wordsmithing abused for sensationalism. And facts matter when you’re shit-talking a public company. They would have likely fired their CFO if they reported something like that.

            • Is it so hard to parse something? You think it isn't accurate and it's wordsmithing so let me explain where you went wrong:

              "Virtually the entire history of " refers to "MSI warranty claims going back to at least 2017", it doesn't refer to "MSI" as an entity since it isn't in possessive form.

              The "warranty claims" are what customers filed against MSI and virtually all those "MSI warranty claims" could be accessed by anyone since 2017.

              • Is it so hard to parse something? You think it isn't accurate and it's wordsmithing so let me explain where you went wrong:

                "Virtually the entire history of " refers to "MSI warranty claims going back to at least 2017", it doesn't refer to "MSI" as an entity since it isn't in possessive form.

                Regardless of the grammar semantics, you have done nothing but prove my point in that the “Virtually the entire history of” statement was nothing but exaggerative bullshit and completely unnecessary to describe the situation that actually happened to support factual reporting.

                And unfortunately for Facts, clickbait bullshit is literally now valued in society as much as narcissism is. (One can’t argue that the very best of our attention whores on social media are in fact multi-millionaires,

                • So how would you describe that virtually the entire history of customers' warranty claims was accessible since 2017?

                  Complaining about "clickbait bullshit" for a sentence that occurs in the text and not the headline is stretching that definition quite a bit, to borrow your words about such practice: "Itâ(TM)s shit wordsmithing abused for sensationalism."

                  • So how would you describe that virtually the entire history of customers' warranty claims was accessible since 2017?

                    ”A system security problem was reported today to MSI, with customer warranty records from 2017 to present being available to anyone with the address online. The company has reported that while this represents a small fraction of private information, they have taken the issue very seriously, correcting the access problem immediately after being notified. It is not yet known whether customer warranty records were actually taken or distributed further, but the ethical hacker did notify MSI of the breac

  • by madbrain ( 11432 ) on Saturday July 13, 2024 @08:28PM (#64623927) Homepage Journal

    Seriously, YouTube had nothing to do with the investigation, the video is just being posted there.

    Now, get off my lawn.

  • Never needed RMA service. My data is safe. I never send in warranty cards.

    After the jiffy pop issues of their early boards they have been issue free for me and my customers. ASUS not so much. And we won't even discuss Gigglebytes.

  • Orshould I say, your very public extended warranty

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...