Warning! Avoid buying from Coolermaster website

[Hard and Confused]

There for anyone looking at the cooler master free shipping deal AVOID CM'S WEBSITE !!!

I just went to thier site for the first time on this PC and it had me logged in as a "Hirby" I had access to all of his personal/contact info. I immediatly called him and indeed I think I woke him up at 8:30 on a sunday morning and let him know his personal info was in deep shit.

DO NOT BUY FROM COOLER MASTER !!! YOUR PERSONAL INFO IS NOT SAFE !!!

If a mod see's this please delete the other threads on HOT deals reguarding CM's deal for the safety of the forum.

 

[ScYcS]

NEVER FUCKING WAKE ME UP AGAIN!!!!!!!!!!

 

[Blazestorm]

lol.

 

[Crosshairs]

it was nice of you to come here and expose "Hirby" and his info to possibly thousands of people who otherwise would not have known ..

 

[Duster]

I woke him up at 8:30 on a sunday morning and let him know his personal info was in deep shit.

Well you should have bought him something from CM as a sorry I woke you up gift

I just checked and it says guests for me

 

[Hard and Confused]

it was nice of you to come here and expose "Hirby" and his info to possibly thousands of people who otherwise would not have known ..

Except for the fact that I notified him first and told him to make sure he was logged off the website and to call CM immediatly and get this resolved.

 

[Crosshairs]

Except for the fact that I notified him first and told him to make sure he was logged off the website and to call CM immediatly and get this resolved.

just messing man..look at the original thread..people were talking about this at midnight last night..so yeah, there were a lot of folks who got compromised on that site..

 

[3991vhtes]

I lol'd

 

[SJetski71]

There for anyone looking at the cooler master free shipping deal AVOID CM'S WEBSITE !!!

I just went to thier site for the first time on this PC and it had me logged in as a "Hirby" I had access to all of his personal/contact info. I immediatly called him and indeed I think I woke him up at 8:30 on a sunday morning and let him know his personal info was in deep shit.

DO NOT BUY FROM COOLER MASTER !!! YOUR PERSONAL INFO IS NOT SAFE !!!

If a mod see's this please delete the other threads on HOT deals reguarding CM's deal for the safety of the forum.

I appreciate the phone call ! (yawn)

 

[pxc]

LOL @ thread. See that sid= in the URL? That's a session ID. If you follow someone else's session ID, you'll be exposed to CM's poor web design choice. Don't click on someone else's (or share your) session ID and it's peaches.

edit: thanks for reminding me about the free shipping. I just ordered:
1 x Centurion 5 Transparent Side Window Panel (Black) - Brand New $8.99
1 x GeminII CPU+ Board Cooler - Refurbished $13.99

 

[scottmso]

LOL @ thread. See that sid= in the URL? That's a session ID. If you follow someone else's session ID, you'll be exposed to CM's poor web design choice. Don't click on someone else's (or share your) session ID and it's peaches.

Whoever designed the site is a complete idiot for doing that. Why can't they implement the session ID using cookies? Web browsers have supported them for, what....10 or 15 years?

 

[nightwalker]

Whoever designed the site is a complete idiot for doing that. Why can't they implement the session ID using cookies? Web browsers have supported them for, what....10 or 15 years?

Because they are a bunch of dipsticks who don't give a shit as long as they get your money.

 

[UltraVioletDream]

Because they are a bunch of dipsticks who don't give a shit as long as they get your money.

I'm sure that the person who designed the site doesn't get a share of our hard earned money, it's the dummy's who paid him

 

[spacetrader]

im not completely following this. are you guys saying that if you log into coolermaster's store site, you are presented with a list of everyones session id's there for you to login with?

 

[pxc]

im not completely following this. are you guys saying that if you log into coolermaster's store site, you are presented with a list of everyones session id's there for you to login with?

No.

If some moron posts a link with his session ID and someone else clicks it, they can see all the info from that session. It's not really a big deal if you don't click on a link with someone else's session ID and don't post a link with your session ID.

 

[guitarslingerchris]

Well, at very least I imagine this is a good way to promote getting CM's website overhauled.

 

[spacetrader]

No.

If some moron posts a link with his session ID and someone else clicks it, they can see all the info from that session. It's not really a big deal if you don't click on a link with someone else's session ID and don't post a link with your session ID.

so the problem is the website allows duplicate session id's simultaneously across multiple ip addresses. nice.

 

[pxc]

so the problem is the website allows duplicate session id's simultaneously across multiple ip addresses. nice.

Sort of. It seems to attach whoever uses the session ID to whatever session originally created it. Someone who doesn't click on another person's link containing a session ID or doesn't post his session ID is unaffected. The session IDs are long and unique.

IMO it's a big nothing. Deal folks are just interesting characters.

 

[Met-AL]

Sort of. It seems to attach whoever uses the session ID to whatever session originally created it. Someone who doesn't click on another person's link containing a session ID or doesn't post his session ID is unaffected. The session IDs are long and unique.

IMO it's a big nothing. Deal folks are just interesting characters.

I today's world of people actually putting forth effort to protect their personal information from identity theft, to have something like this possible so easily is a not a "big nothing."

This is actually probably more stupid than most of the stories where a corporation loses customer, patient, or employee data due to something like a lost laptop. This is a case of the designer of the website or the webserver admin totally dropping the ball. Leakage customer personal data is a not a good thing.

Here is their privacy policy. In the least, they are violating their own stated privacy policy.


They took down the site.. but Google still has it in it's cache


http://74.125.95.132/search?q=cache...icy&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a

Cooler Master Privacy Policy

Cooler Master takes your privacy seriously.
Please read the following to learn more about our privacy policy.

What This Privacy Policy Covers

• This policy covers how Cooler Master treats the personal information our company collects and receives, including information related to your past use of Cooler Master products and services. Personal information is any and all information about you that is personally identifiable like your name, address, email address, or phone number, and that which is not otherwise publicly available.

• This policy does not apply to the practices of companies that Cooler Master does not own or control or to people that Cooler Master does not employ or manage. In addition, certain Cooler Master associated companies have their own privacy statements which can be viewed by clicking the links.

Information Collection and Use

• Cooler Master would collect and store your personal information when you register with Cooler Master, when you use Cooler Master products or services, visit Cooler Master pages or the pages of certain Cooler Master partners, and enter promotions or sweepstakes.

• Cooler Master would ask you to fill up some personal information such as your name, address, email address, birth date, gender, ZIP code, occupation, industry, personal interests, and other information about your assets when you register on our website and the aforementioned information would be disclosed to Cooler Master, stored and used by Cooler Master based on your consent. It would be deem to confirm your consent if you register successfully on our website. When you register on our website and log in to our services, you would not be anonymous user to us anymore.

• To enhance the service and hold fine communication with customers, Cooler Master would use the aforementioned information for the following general purposes:

1. To customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.

2. To collect, store and combine the information and share with Cooler Master’s affiliates and trusted partners who work on behalf of or with Cooler Master under confidentiality agreements to establish the public management system of customers. These companies may use your personal information to help Cooler Master communicate with you about offers from Cooler Master and our marketing partners. However, these companies do not have any independent right to share this information. Cooler Master would be able to exactly understand any of your requests for customer service to improve and enhance Cooler Master’s service and products based on this system.

3. To communicate with you or confirm your request by on-line questionnaire upon using the information by Cooler Master’s business partners or subcontractor to recommend or introduce Cooler Master’s product, service and plentiful sale information.
It would be deemed that you agree to authorize Cooler Master to collect and use the aforementioned information based upon this Privacy Policy, but you still have the right to retreat the authorization. To protect your proper right, you could fax to Cooler Master in writing (not formally) with signature to express your rejection within seven(7) calendar days after you fill up the information on our website. Cooler Master would make reasonably disposal individually to the information. It would be constructive that you agree Cooler Master could collect and use the information based on the Law and Regulation of the United States of America.

Non-liability

This website is owned by Cooler Master, but Cooler Master doesn’t warrant any safety, privacy or other relevant contents of the others websites linked by this website and no employee, agency, representative, or partnership relationship was created by the links.

Your Ability to Edit and Delete Your Account Information and Preferences

• You can edit your Cooler Master Account Information, including your marketing preferences, at any time.

• New categories of marketing communications might be added to the Marketing Preferences page from time to time. Users who visit this page can opt out of receiving future marketing communications from these new categories or they can unsubscribe by following instructions contained in the messages they receive.

• We reserve the right to send you certain communications relating to the Cooler Master service, such as service announcements, administrative messages and the Cooler Master Newsletter, that are considered part of your Cooler Master account, without offering you the opportunity to opt out of receiving them.

Confidentiality and Security

• In order to protect your safety and privacy, your information in Cooler Master Account will be protected by a password.

• In some occasions Cooler Master will use SSL security system to protect information during transmission.

• We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs.

• We have physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.

• To learn more about security, including the security steps we have taken and security steps you can take, please read Security at Cooler Master.

Changes to this Privacy Policy

• Cooler Master would reserve the right to solely change or revoke this policy and suggest you to read and study this policy every now and then to handle any new condition. We will place a notice about any significant changes in the way we treat personal information on this website.

Questions and Suggestions

• Should you have any questions and suggestions, welcome to contact us as following directions:

1) By email: contact us at this e-mail
2) By mail:
CM Store
4820 Schaefer Ave.
Chino, CA 91710

3) By phone: 1-888-624-5099
4) By fax: 1-909-673-9882

Effective Date: January 1, 2007

 

[HitmanZ]

Well other than above issue, I had bought from CoolerMaster before and recieved a damaged product, turns out they ignored my emails after the 2nd one!

 

[pxc]

I today's world of people actually putting forth effort to protect their personal information from identity theft, to have something like this possible so easily is a not a "big nothing."

It's a big nothing if you use a little piece of grey matter as I suggested in my post.

This problem happens because you clicked someone else's sid link or posted your own sid in a link. This is a big nothing if you visit the site directly, or strip out your sid before posting a link. The site has been like this for years and hasn't caused me any problems after using it at least 3 times to order stuff in the past. Yawn.

It's no extra effort for me because I always strip out extra information before posting the link (referral IDs, session links that tend to expire, etc).

I don't really understand the outrage, especially at me. I already criticized CM above, and the cause and how to avoid the problem have been perfectly spelled out several times above. Sorry that I can't join the chicken little bandwagon.

 

[Met-AL]

It's the tin foil club...

 

[Ravynmagi]

I ordered a PSU during the memorial weekend free shipping and yesterday I got an email saying it was shipped. Even got the tracking number that shows it is arriving tomorrow.

Today I just got an email saying my order is canceled. No explanation, just "New status: canceled".

I try to click on the order detail link in the email and I get a message the site is under maintenance (has been all week long).

Geez, I hope I get the PSU. But CM isn't really instilling me with much confidence in them.

 

[ekuest]

is it possible they had a problem with people ordering stuff on other peoples' money with that id thing? if so they may have started canceling some orders until they figure out who actually bought what... or maybe theyre just trying to steal you money and run away to the bahamas. doesnt sound like a bad business plan to me!

 

[pigwalk]

I haven't had any updates since processed and the page is still down. Great job Cooler Fagster!

 

[kevineugenius]

Huh. Who knew Coolermaster had a website? Learn something new every day. Newegg FTW imo.

 

[Ravynmagi]

Welp my 750 watt refurbed PSU arrived today. So that canceled email must have been a mistake.

Haven't plugged it in yet, but the refurbed PSU looks like it is in very good almost new condition (some folks mentioned getting some banged up refurb stuff, so I was a little worried).

 

[Manaknight]

haven't heard anything past processing for mine, also going via paypal.

 

[Tbird87]

Looks like the site is back up and they made some changes, but I guess it doesn't matter now since the deal is gone. Should be safe for the next sale hopefully o_o.