HQ/EMEAFind out how we can help your business
The computer hardware manufacturing company Zotac accidentally exposed the information owned by its customers to Google Search. The leaked data is related to the company’s return merchandise authorisation (RMA) requests and related papers, exposing sensitive customer information.
Zotac, which makes compact and micro PCs, high-end graphics cards, motherboards, and computer accessories, misconfigured the web folders that contain RMA data, allowing search engines to index them.
Researchers noted that these instances commonly occur because of insufficient permissions that limit access to authorised users only, as well as a lack of tags or a ‘robots.txt’ file instructing crawlers to exclude sensitive files.
The Google Search inquiries with people’s or companies’ names and the ‘zotacusa.com’ site parameter produced personal information such as bills, addresses, request details, and contact information.
A viewer found a data leak issue on Zotac in one of the tech-related YouTube videos.
A viewer of the YouTube tech channel GamersNexus has identified the Zotac issue, which affects an unknown number of Zotac customers. The channel revealed the leak late last week on the social media platform X but did not disclose the hardware vendor.
In addition, the YouTube channel owner notified some of the affected company’s top partners to raise awareness about the sensitive data breach and execute remedial efforts to address the campaign.
Zotac USA’s response prompted the YouTube channel to disclose the culprit in a video that aired earlier this week. Most of the exposed data has now been secured, but it still appears on Google Search. However, most private documents are no longer available to the public.
GamersNexus eventually contacted a Zotac spokesman, who informed them that the document upload feature on their RMA page had been blocked and that consumers should email materials accompanying their requests instead.
Customers who use Zotac’s RMA service should be aware of the risk to personal information and take appropriate action. Everyone should remember that there are no safe RMA dates because the duration of exposure is currently unclear.
