Scam Warning: MSI Exposes 600,000+ Warranty Records

Published 2024-07-12
MSI left its internal warranty (RMA) server publicly exposed, making hundreds of thousands of warranty records available to anybody. No hack and no account access were required, and the records were all in plain text. We held publication until MSI closed the server off from public access. This follows a similar story we ran on Zotac last week.

Watch the Zotac incident here: Zotac's Big Mistake | Consumer Warran...

TIMESTAMPS

00:00 - MSI Records Publicly Accessible
03:20 - Zero-Skill Vulnerability
07:30 - Scams
11:16 - PSA - Again
12:42 - Issue is Closed

Host: Steve Burke
Video: Vitalii Makhnovets

All Comments (21)
  • @HeyImKevin
    I’ve got an MSI motherboard and a Zotac GPU. So if anyone wants to come hang out later, you’ve got the address 🤷‍♂️
  • "hello, I am from msi, you need to buy $500 gift card in order to pay for your RMA"
  • @Choralone422
    FFS! Why? Why are so many companies so completely terrible at basic security with customer data? Why are these companies not held accountable with actual punishments, not just tiny fines and offers of "credit monitoring?"
  • Any European customer affected by this should sue on the grounds of gross negligence in protecting your data with GDPR. This is not one failure, this is a culmination of multiple non-existent security measures. Having the server accessible from the internet itself is not bad or wrong depending on your architecture and goals, but having no authentication, no connection controls, no restrictions on what data can be viewed, no protection of the data itself, and more is enough to call them incompetent and sue them.
  • @netoeli
    Publicly accessible intranet are not words that belong in the same sentence.
  • As a firewall engineer, this is mind-boggling to me how many things need to actually be wrong for this database to be publicly available. I'm not even entirely sure this is possible by pure negligence or incompetence, but I rather suspect an insider threat to be honest. Furthermore, with this kind of personal information, you can be absolutely sure that everything from SIM swapping to actual credit card fraud and identity theft with this data is already being performed right now. You'd be surprised how quickly these infos get sold and used.
  • @neoqueto
    This is a hyperviolation of the GDPR. They are doing business in the EU and the site was accessible from the EU and the customers are from the EU. Other jurisdictions have similar legislations. The fines are going to be astronomical - at least, I hope so. How can you not even implement auth for this?
  • @toufusoup
    A content creator I watched earlier said “MSI is one of the few companies that hasn’t been under fire recently” and here we are, a couple hours later. The timing is immaculate.
  • @The_Asshat
    Hey Steve, security engineer for an F500 here. I’m glad you’ve been covering these issues with MSI and Zotac. And I really, really appreciate your responsible disclosure on this and relaying this information to the consumer. I think the way you presented this information was extremely well handled, and I think the examples provided with what a threat actor can do with this information are very sensible and grounded in reality. Great job team.
  • @senti2175
    3:21 That's very ethical of you. Instead of jumping on it to get quick clicks you waited to minimize the damage. 👏👏👏 In a world of YouTubers driven by clickbait and doing everything to be the first, it's a relief that channels like Gamers Nexus and Hardware Unboxed exist.
  • @conorjohn490
    Gotta say it's a weird premium experience when you can go into a store with cash and receive a receipt that store will honor if you need to make a return.
  • @mjc0961
    10:35 - I always remember: if even Jim Browning, a guy who does scam busting videos, can get scammed - anyone can get scammed no matter how savvy they are. It just takes one email on an off day and bam, you get scammed.
  • As someone who attends server Network/IT conferences, I see this getting heavily brought up as an example in presentations very soon.
  • @SrtRacerBoy
    So, I've literally already received 3-4 letters in the mail this year about data breaches from businesses I use, including my hospital. These data leaks are getting out of hand. Companies need to do better with their data security.
  • @LosDuervo
    This is pure negligence. In this day and age, any company should know better. The negligence is so bad that fines should be involved here.
  • @EhNothing
    Thanks for exposing this. Appreciate you, as always GN.