Zotac may have been exposing private customer data straight into Google search results


Computer hardware manufacturer Zotac misconfigured a database containing sensitive customer data, resulting in that information being leaked on the wider web.

Zotac is best known for its graphics cards and mini PCs, with a product lineup that includes NVIDIA GeForce graphics cards, ZBOX mini PCs, motherboards, SSDs, and other computer accessories.

As reported by BleepingComputer, the company’s American subsidiary, Zotac USA, misconfigured the permissions for a folder containing return merchandise authorization (RMA) requests and related documents. As a result, Google indexed the documents, which made them searchable and easily discoverable through the Google search engine results pages.

Changing the process

Some details are missing from the report, namely how many people were affected, and for how long the database remained open. We do know that the company was leaking people’s names, invoices, addresses, request details, and contact information.

The mishap was first spotted by a viewer of the GamersNexus YouTube channel, after which GamersNexus escalated the issue with Zotac. The database has since been locked down. While Google still returns some data on its search engine results pages, those links can no longer be opened by unauthorized visitors.

The way Zotac accepts RMA requests has since been changed. Instead of having an upload button on the RMA portal, through which customers were able to make requests, the company has now asked them to use email.

Misconfigured databases continue to be one of the biggest reasons for data leaks and spills. Companies of all sizes, in all kinds of industries, regularly make headlines for keeping databases filled with sensitive customer data unlocked and available for anyone to see.

Amazon Prime Video, Toyota, BMW, Ecco, the Indian government, and Sega are just some of the organizations that were recently seen making the same costly mistake.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.