Skip to main content

Nvidia's store appears to be leaking cached emails to random users (Updated)

(Image credit: Nvidia)

Update: Nvidia has fixed an error on its webstore that occasionally displayed the email address of another user. The following statement can be found on the GeForce forums.

"Yesterday, we were alerted to an issue on our NVIDIA store where a lookup order page was displaying the email address of another customer. We corrected the issue and had the NVIDIA store up and running again later the same day. Aside from the wrong email address being displayed, no customer order information or personal details were exposed, such as address or payment details. We apologize to any affected customers."

Original article: PSA to anyone hoping to snag one of Nvidia's RTX 3000 series Founder's Edition cards: There appears to be a flaw in Nvidia's web store causing it to display the email address and more personal information from other shoppers at random. A Reddit poster published a screenshot of what they claim is another user's email address and "partially masked" credit card information. Multiple other posters confirmed they'd seen a stranger's email address when logging in to check an order.

The incident seems similar to a 2015 caching bug that caused the Steam client to display account information from other users. What triggers the bug is tricky to ascertain—it's specific to Nvidia store accounts, a separate system from the accounts Nvidia uses for GeForce Experience. When users go to check their order status, they may see someone else's cached email instead of their own.

On Twitter, TechTeamGB posted an email from one shopper who was contacted by someone who discovered his email through the Nvidia store. They wanted his RTX 3080.

I haven't been able to replicate the error myself—I can't find anything on the Nvidia store in stock to attempt to buy for the purposes of creating an account on checkout. One poster in the reddit thread claims to have seen "some credit cards autofill." It's uncertain at this point how widespread the issue is or what's causing it, but Nvidia is aware. A community manager on the subreddit said "I have escalated it to our team to investigate." 

We've reached out to Nvidia PR for more details, and received the following statement: "We are investigating the issue and will provide further information once it is available."

When he's not 50 hours into a JRPG or an opaque ASCII roguelike, Wes is probably playing the hottest games of three years ago. He oversees features, seeking out personal stories from PC gaming's niche communities. 50% pizza by volume.