YouTube Investigators Say MSI Exposed 600K+ Warranty Records Via an Open Server – Slashdot
Posted by EditorDavid from the security-holes dept.
ewhac (Slashdot reader #5,844) writes: Friday the hardware review site Gamers Nexus filed a YouTube video report alleging some serious claims: that PC component manufacturer MSI left their internal warranty and RMA processing web site accessible to the open Internet, with no authentication. Virtually the entire history of MSI warranty claims going back to at least 2017 were searchable and accessible for the browsing, including customer names, email addresses, phone numbers, and serial numbers of MSI devices.
This event follows closely on the heels of a video report just a few days earlier alleging PC component manufacturer Zotac left their warranty/RMA and B2B records server open to indexing by Google.
Gamers Nexus posted their reports after informing Zotac and MSI of their open servers and verifying they were no longer accessible. However, the data from MSI’s server could have been fully scraped at this point, giving scammers a gold mine of data permitting them to impersonate MSI personnel and defraud customers. Anyone who’s filed a warranty or RMA claim with MSI in the past seven years should exercise caution when receiving unsolicited emails or phone calls purporting to be from MSI.
If you’re not careful, you’re going to catch something.
Working…
