Data from around 250,000 MSI customers at Have I Been Pwned
In a cyber incident at MSI in 2024, numerous customer records were apparently copied. HIBP has now recorded around 250,000 of them.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
In mid-2024, MSI experienced a data leak of hundreds of thousands of customer data records. The Have-I-Been-Pwned project has now integrated 250,000 of these data records into its data pool.
On the project website, operator Troy Hunt writes that MSI had inadvertently stored many thousands of customer data records from return or exchange requests (RMA claims) in a publicly accessible location in the middle of last year. For such processes, customers have to fill out forms and provide email addresses and postal addresses, for example.
Data from warranty claims
Almost 250,000 such data records were accessible. The data included this many unique email addresses along with names, telephone numbers, physical addresses and warranty claims.
Videos by heise
When asked, MSI succinctly stated that there was no evidence that the information had ever been accessed. The security incident also did not trigger any government data breach notification requirements, as no social security numbers, driver's license numbers or similar were affected.
However, the information can be misused by cybercriminals for more personalized, convincing phishing, for example. So anyone who has made warranty claims to MSI in the past up to July 7, 2024, when the data leak occurred, should pay particular attention when messages with this subject matter arrive.
Anyone who enters their email address on the HIBP website will receive the results of the data leaks in which it appeared and fell into the wrong hands. Since this week, however, the project has also been testing the display of data collected by Infostealers. To do this, however, owners of email addresses must register under “Notify me”. For data protection reasons, only notification emails are sent. Troy Hunt wants to prevent potentially compromising information from falling into the wrong hands. Infostealers generally access access data that is actually used. If this information were displayed directly after entering an email address, it could be possible to see who has registered with special interest offers or on porn websites, for example.
(dmk)
