BreachExchange mailing list archives
Nvidia Webpage Found Leaking Customer Email Addresses to Randos
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 30 Sep 2020 09:33:15 -0500
https://uk.pcmag.com/news-analysis/128808/nvidia-webpage-found-leaking-customer-email-addresses-to-randos

It appears Nvidia’s website accidentally leaked some customer email addresses to anyone visiting the order status page.

On Friday, a user on Reddit brought up the problem with a screen shot, which shows a random person’s email address popping up in the login field on Nvidia’s website.

PCMag managed to replicate the issue on Nvidia’s order status page when using Firefox. An email address to a stranger did indeed appear in the login field. A quick Google search revealed the same email address belonged to a college student in Florida who studies computer science.

The incident has also affected software engineer Phil Bayfield, who says a random person ended up learning his email address through the leak on Nvidia’s website. As evidence, Bayfield posted an email exchange between him and the random person, which was first reported by TechTeamGB.

The stranger sent the email back on Monday in the hopes Bayfield had acquired Nvidia’s newly-launched RTX 3080 card with the goal of buying it off from him. “Can I have your 3080?” the stranger asked.

“I don’t have a 3080,” Bayfield replied. The stranger then proceeded to explain how Bayfield’s email was exposed. “...somehow Nvidia’s website is leaking emails. It had your email autofilled in the email address field when I clicked my order status from my email. Weird,” the person said.

Bayfield told PCMag, “Well, I thought it was someone pranking me to be honest,” before realizing the leak was real. He signed up for Nvidia’s website about a week ago to try and obtain the RTX 3080. But doing so only ended up exposing some of his personal information.

“What an absolute joke of a launch 30 series has been though,” he added, alluding to how the 3080 card has been almost impossible to obtain due to bots and resellers. “Not very impressed that they leaked my email (even though it's not exactly a secret).”

Nvidia told PCMag: "We are investigating the issue and will provide further information once it is available." In the meantime, the company has taken the order status webpage down for maintenance.

It’s unclear how many users were affected in the leak, and what information was exactly divulged. However, at least two users say they even encountered credit card information partially exposed over Nvidia’s order status page when the site was still up.