July 8, 2024 at 06:04PM
Zotac, a computer hardware manufacturer, inadvertently exposed customers’ sensitive information through misconfigured web folders holding return merchandise authorization (RMA) data. Google searches with specific parameters revealed personal details such as invoices, addresses, and contact information. Remediation efforts are underway, with data now mostly secured, although still accessible via Google. Customers who have used Zotac’s RMA service should take precautions due to potential data exposure.
Based on the meeting notes, it appears that computer hardware maker Zotac has inadvertently exposed sensitive customer information related to return merchandise authorization (RMA) requests. The exposure was a result of misconfigured web folders holding RMA data, which allowed the information to be indexed by search engines. This has led to personal information such as invoices, addresses, request details, and contact information being accessible through Google search queries.
The issue was brought to light by the YouTube tech channel GamersNexus, which informed Zotac’s partners about the data exposure. Remediation efforts are underway, and most of the private documents have been secured, although they still appear in Google Search. The company has disabled the document upload button on their RMA portal and is now asking customers to email files accompanying their requests.
It is advised that individuals who have used Zotac’s RMA service take precautions to mitigate the risk of their personal information being exposed. As the duration of the exposure is unknown, there are no “safe” RMA dates at this time. BleepingComputer has reached out to Zotac for more information about the data exposure, but a statement was not immediately available.