Lenovo has faced multiple serious scandals and negative incidents that have significantly damaged its reputation, particularly around security, customer trust, and transparency.
Adware Scandal (2015): Lenovo pre-installed Superfish VisualSearch on thousands of laptops, which injected ads into web searches and installed a universal self-signed root certificate. This allowed man-in-the-middle (MITM) attacks, exposing users’ encrypted traffic—including passwords and banking details—to anyone on the same network. The private key for this certificate was identical across all affected devices, making it trivial for attackers to exploit. Lenovo initially denied the threat, claimed the software was safe, and only issued a removal tool after intense public and media backlash. Even then, the tool removed the adware but left the dangerous root certificate in place, giving users a false sense of security.
UEFI and Firmware Backdoors (2015–2025): Lenovo shipped laptops with UEFI-based installers that could reinstall software even after a full OS reformat. Security researchers found persistent firmware-level malware that could not be removed by standard reinstallation. In 2025, reports from Bloomberg suggested U.S. military investigators found backdoored chips in Lenovo motherboards capable of logging keystrokes and transmitting data—though Lenovo denied knowledge.
ThinkPad Spyware (2015): Lenovo was found to have pre-installed Omniture software (a web analytics tool) on ThinkPad and ThinkCentre devices, which collected detailed user behavior data, including keystrokes and browsing habits. This was done without clear user consent and sparked privacy concerns.
Customer Service Failures and Refusal to Refund (2022–2026): Multiple users report fraudulent replacement practices, such as sending lower-spec laptops than ordered (e.g., a 1TB SSD instead of 2TB), refusing refunds, and ignoring customer complaints. One user reported being denied a refund for over a year despite returning a defective gaming laptop, with Lenovo repeatedly failing to respond or escalate cases—even after threats of legal action.
Product Misrepresentation and Delayed Shipments (2022): Customers reported false delivery timelines—such as a Cyber Monday order taking over a month to ship—leading to missed deliveries and poor communication. One Reddit user called it a "scam" due to misleading advertising and unresponsive support.
Security and Trust Erosion: The repeated pattern of pre-installing dangerous software, ignoring security warnings, and failing to act responsibly has led to widespread distrust. Experts and users alike now warn that Lenovo devices may be compromised at the firmware level, and many advise avoiding Lenovo products for sensitive or secure tasks.
These incidents reflect a recurring pattern of security negligence, poor customer service, and questionable business practices, raising serious concerns about Lenovo’s integrity and long-term reliability.
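The Superfish item above notes that the removal tool left the root certificate in place, so uninstalling the adware is not proof the machine stopped trusting it. The PowerShell script below is an added example, not code from the original page or from Lenovo: it audits the Windows root stores for any certificate whose subject or issuer matches a name. The match string 'Superfish' and the parameter name `NamePattern` are assumptions.

```powershell
# Added example: audit Windows root stores for a leftover vendor root certificate.
# Assumption: the certificate's Subject or Issuer contains the name given below.
param(
    [string]$NamePattern = 'Superfish'   # assumed match string, not a value from the page
)

# Both machine-wide and per-user stores feed the trust decision on Windows.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot'

$pattern = [regex]::Escape($NamePattern)   # treat the name as literal text

$findings = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

if ($findings) {
    # A hit means TLS certificates signed by this root are still accepted.
    $findings | Format-List
    Write-Warning "$(@($findings).Count) matching root certificate(s) still trusted."
    exit 1
}

Write-Output "No root certificate matching '$NamePattern' in the Windows stores."
exit 0
```

Applications that maintain their own trust store, such as Firefox, are not covered by this check and need to be inspected separately.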