The exposed email address Daxdi encountered on Nvidia's website (Credit: Nvidia) UPDATE 9/29/20: Nvidia has fixed the issue, but isn't disclosing how many customers were affected.
"Aside from the wrong email address being displayed, no customer order information or personal details were exposed, such as address or payment details," the company said in a forum post.
"We apologize to any affected customers."
Original story:
It appears Nvidia’s website accidentally leaked some customer email addresses to anyone visiting the order status page.
On Friday, a user on Reddit brought up the problem with a screenshot that shows a random person’s email address popping up in the login field on Nvidia’s website.
Daxdi replicated the issue on Nvidia’s order status page when using Firefox.
An email address to a stranger did indeed appear in the login field.
A quick Google search revealed the same email address belonged to a college student in Florida who studies computer science.
The incident also affected software engineer Phil Bayfield, who says a random person ended up learning his email address through the leak on Nvidia’s website.
As evidence, Bayfield posted an email exchange between him and the random person, which was first by TechTeamGB.
The stranger sent the email on Monday in the hopes Bayfield had acquired Nvidia’s newly launched RTX 3080 card with the goal of buying it off from him.
“Can I have your 3080?” the stranger asked.
“I don’t have a 3080,” Bayfield replied.
The stranger then explained how Bayfield’s email was exposed.
“...somehow Nvidia’s website is leaking emails.
It had your email autofilled in the email address field when I clicked my order status from my email.
Weird,” the person said.
Bayfield told Daxdi, “Well, I thought it was someone pranking me to be honest,” before realizing the leak was real.
He signed up for Nvidia’s website about a week ago to try and obtain the RTX 3080.
But doing so only ending up exposing some of his personal information.
“What an absolute joke of a launch 30 series has been though,” he added, alluding to how the 3080 card has been almost impossible to obtain due to bots and resellers.
“Not very impressed that they leaked my email (even though it's not exactly a secret).”
Nvidia told Daxdi: "We are investigating the issue and will provide further information once it is available." In the meantime, the company has taken the order status webpage down for maintenance.
It’s unclear how many users were affected in the leak, and what information was divulged.
Daxdi only noticed one email address being exposed on the site when we accessed it via Firefox on Friday afternoon; the error did not occur over the Chrome or Safari browsers.
However, at least two users say they encountered credit card information partially exposed over Nvidia’s order status page when the site was still up.
The exposed email address Daxdi encountered on Nvidia's website (Credit: Nvidia) UPDATE 9/29/20: Nvidia has fixed the issue, but isn't disclosing how many customers were affected.
"Aside from the wrong email address being displayed, no customer order information or personal details were exposed, such as address or payment details," the company said in a forum post.
"We apologize to any affected customers."
Original story:
It appears Nvidia’s website accidentally leaked some customer email addresses to anyone visiting the order status page.
On Friday, a user on Reddit brought up the problem with a screenshot that shows a random person’s email address popping up in the login field on Nvidia’s website.
Daxdi replicated the issue on Nvidia’s order status page when using Firefox.
An email address to a stranger did indeed appear in the login field.
A quick Google search revealed the same email address belonged to a college student in Florida who studies computer science.
The incident also affected software engineer Phil Bayfield, who says a random person ended up learning his email address through the leak on Nvidia’s website.
As evidence, Bayfield posted an email exchange between him and the random person, which was first by TechTeamGB.
The stranger sent the email on Monday in the hopes Bayfield had acquired Nvidia’s newly launched RTX 3080 card with the goal of buying it off from him.
“Can I have your 3080?” the stranger asked.
“I don’t have a 3080,” Bayfield replied.
The stranger then explained how Bayfield’s email was exposed.
“...somehow Nvidia’s website is leaking emails.
It had your email autofilled in the email address field when I clicked my order status from my email.
Weird,” the person said.
Bayfield told Daxdi, “Well, I thought it was someone pranking me to be honest,” before realizing the leak was real.
He signed up for Nvidia’s website about a week ago to try and obtain the RTX 3080.
But doing so only ending up exposing some of his personal information.
“What an absolute joke of a launch 30 series has been though,” he added, alluding to how the 3080 card has been almost impossible to obtain due to bots and resellers.
“Not very impressed that they leaked my email (even though it's not exactly a secret).”
Nvidia told Daxdi: "We are investigating the issue and will provide further information once it is available." In the meantime, the company has taken the order status webpage down for maintenance.
It’s unclear how many users were affected in the leak, and what information was divulged.
Daxdi only noticed one email address being exposed on the site when we accessed it via Firefox on Friday afternoon; the error did not occur over the Chrome or Safari browsers.
However, at least two users say they encountered credit card information partially exposed over Nvidia’s order status page when the site was still up.
