It appears that NVIDIA’s website has accidentally displayed the email addresses of some of its users for some time. This incident was reported last Friday by one of the forum readers Reddit… He indicated that someone’s address was displayed in the login line when he went to the site to check the status of the order of the purchased item.
PCMag was able to reproduce the issue on NVIDIA’s website using Firefox. Further web searches indicated that the address belonged to a Florida computer science student. Interestingly, the problem was not unique. The victim also turned out to be software developer Phil Bayfield, who said on his Twitter page that a complete stranger wrote to him in the mail on Monday. First, he told Bayfield that he would like to buy the GeForce RTX 3080 from him. To which Bayfield replied that he did not have an RTX 3080. Then the stranger admitted that he was joking, and in fact, he found Bayfield’s email on the status check page ordering from the NVIDIA Online Store. This page uses the login and password autocomplete form. Fortunately, the password did not appear on the corresponding line, but Bayfield’s email address did appear.
“At first I thought that someone was joking at me.”– said Bayfield in a conversation with PCMag.
@nvidia Also leaked my business email and I was contacted by someone who got my email from the NVIDIA store. I’ll be reporting this to the relevent authorities. However, I’ll be willing to accept a Founders Edition 3080 or 3090 card as suitable compensation. https://t.co/bNV2OOlczv
– Phil Bayfield (@bayf) September 25, 2020
Then he realized that this was not a joke, but a real leak of his personal data.
“The launch of the GeForce 30 series graphics cards turned out to be a real circus. First, bots bought all the cards, and then speculators put them up for resale. Now I’m not at all surprised that they [NVIDIA] leaked my email address “Bayfield added.
The resource turned to NVIDIA for comments. There he was told that they were checking the incident and would provide additional information upon its completion. At the same time, the company decided to disable the status check page for repair orders.
PCMag indicates the extent of the problem is unknown. It is not yet clear exactly how many users could be affected by an error in the NVIDIA website and how much personal data could be leaked to the Network. However, as some Reddit users point out, not only users’ addresses but also their credit card information could be at risk. At least two Reddit users said they saw partially displayed information about someone’s credit cards on the same checkout status page while it was still running.
If you notice an error, select it with the mouse and press CTRL + ENTER.