Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Zotac may have been exposing private customer data straight into Google search results

Data leak.

Computer hardware manufacturer Zotac misconfigured a database containing sensitive customer data, resulting in that information being leaked on the wider web.

Zotac is best known for its graphics cards and mini PCs, with its product lineup including various NVIDIA GeForce graphics cards, ZBOX mini PCs, various motherboards, SSDs, and other computer accessories. 

As reported by BleepingComputer, the company’s American subsidiary, Zotac USA, misconfigured the permissions for a folder containing return merchandise authorization (RMA) requests, and related documents. As a result, Google indexed the documents, which made them searchable and easily discovered through the Google search engine results pages. 

Changing the process

Some details are missing from the report, namely how many people were affected, and for how long the database remained open. We do know that the company was leaking people’s names, invoices, addresses, request details, and contact information.

The mishap was first spotted by a viewer of the GamersNexus YouTube channel, after which the company escalated the issue with Zotac. The database has since been locked down. While Google still returns some data on its search engine results pages, those links can no longer be opened by unauthorized visitors. 

The way Zotac accepts RMA requests has since been changed. Instead of having an upload button on the RMA portal, through which customers were able to make requests, the company has now asked them to use email.

Misconfigured databases continue to be one of the biggest reasons for data leaks and spills. Companies of all sizes, in all kinds of industries, are regularly making headlines for keeping databases, filled with sensitive customer data, unlocked and available for anyone to see. 

Amazon Prime Video, Toyota, BMW, Ecco, Indian government, Sega, those are just some of the companies that were recently seen making the same costly mistake.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.