Scam Warning: MSI Exposes 600,000+ Warranty Records

MSI had its internal warranty (RMA) server publicly exposed, where hundreds of thousands of warranty records were available to anybody. There was no hack required, no account access required, and it was all in plain text. We held publication until MSI closed the server off from public access. This follows a similar story we ran on Zotac last week.



TIMESTAMPS

00:00 - MSI Records Publicly Accessible
03:20 - Zero-Skill Vulnerability
07:30 - Scams
11:16 - PSA - Again
12:42 - Issue is Closed


Links to Amazon and Newegg are typically monetized on our channel (affiliate links) and may return a commission of sales to us from the retailer. This is unrelated to the product manufacturer. Any advertisements or sponsorships are disclosed within the video ("this video is brought to you by") and above the fold in the description. We do not ever produce paid content or "sponsored content" (meaning that the content is our idea and is not funded externally aside from whatever ad placement is in the beginning) and we do not ever charge manufacturers for coverage.



Host: Steve Burke
Video: Vitalii Makhnovets
Comments

You can email tips of hardware issues, whether that's device failures, bad RMA practices, or stories like these, to tips at gamersnexus dot net.

GamersNexus

I’ve got an MSI motherboard and a Zotac GPU. So if anyone wants to come hang out later, you’ve got the address 🤷‍♂️

HeyImKevin

Someone needs to tell them that this isn't the competition we meant.

monkeyrebellion

Gotta say it's a weird premium experience when you can go into a store with cash and receive a receipt that store will honor if you need to make a return.

conorjohn

Any European customer affected by this should sue on the grounds of gross negligence in protecting your data with GDPR. This is not one failure, this is a culmination of multiple non-existent security measures. Having the server accessible from the internet itself is not bad or wrong depending on your architecture and goals, but having no authentication, no connection controls, no restrictions on what data can be viewed, no protection of the data itself, and more is enough to call them incompetent and sue them.

DerUnglaublicheFrank

Hey Steve, security engineer for an F500 here. I’m glad you’ve been covering these issues with MSI and Zotac. And I really, really appreciate your responsible disclosure on this and relaying this information to the consumer. I think the way you presented this information was extremely well handled, and I think the examples provided of what a threat actor can do with this information are very sensible and grounded in reality. Great job, team.

WinterKnight

"hello, I am from msi, you need to buy $500 gift card in order to pay for your RMA"

jonahhekmatyar

"Publicly accessible intranet" are not words that belong in the same sentence.

netoeli

A content creator I watched earlier said “MSI is one of the few companies that hasn’t been under fire recently” and here we are, a couple hours later. The timing is *immaculate.*

toufusoup

Such an extensive list of scam ideas. I'm glad you're on our side, Steve.

timmgebhart

This is a hyperviolation of the GDPR. They are doing business in the EU and the site was accessible from the EU and the customers are from the EU. Other jurisdictions have similar legislations. The fines are going to be astronomical - at least, I hope so. How can you not even implement auth for this?

neoqueto

10:35 - I always remember: if even Jim Browning, a guy who does scam busting videos, can get scammed - anyone can get scammed no matter how savvy they are. It just takes one email on an off day and bam, you get scammed.

mjc

This is pure negligence. In this day and age, any company should know better. The negligence is so bad that fines should be involved here.

LosDuervo

So, I've literally already received 3-4 letters in the mail this year about data breaches from businesses I use, including my hospital.

These data leaks are getting out of hand. Companies need to do better with their data security.

SrtRacerBoy

3:21 That's very ethical of you. Instead of jumping on it to get quick clicks, you waited to minimize the damage. 👏👏👏
In a world of YouTubers driven by clickbait and doing everything to be the first, it's a relief that channels like Gamers Nexus and Hardware Unboxed exist. 🙏

senti

Publicly available intranet - truly next level of corporate transparency

belizarius_

As a sysadmin, this is horrifying. To have messed up so badly as to have this kind of information be so readily available is definitely a firing level mistake.

dangingerich

When somebody asks me, "Why don't you want to register, give your email, phone or anything?" I can just send the link to this or Zotac's related video. Keep up the great work.

Dennn

I saw the YouTube comment from the guy who found this. It was wild when he put some mild details about it in his comment and Steve said basically “wait, that doesn’t sound like what we found” and it turned out to be a completely separate instance of almost exactly the same completely insane “vulnerability” though it’s weird even to call it that. Like if I put my house in the phone book as “house where I’m never home and leave the front door unlocked” for literally no reason.

harryf

As someone who attends server Network/IT conferences, I see this getting heavily brought up as an example in presentations very soon.

MattStevens