Computer hardware manufacturer Zotac misconfigured a database containing sensitive customer data, causing the information to leak onto the Internet.
Zotac is best known for its graphics cards and mini PCs. Its product line includes various NVIDIA GeForce graphics cards, ZBOX mini PCs, various motherboards, SSDs and other computer accessories.
As reported by BleepingComputerThe company’s US subsidiary, Zotac USA, misconfigured permissions for a folder containing Return Merchandise Authorization (RMA) requests and related documents. As a result, Google indexed the documents, making them searchable and easy to find via Google search engine results pages.
Changing the process
There are some details missing from the report, namely how many people were affected and how long the database was open. We do know that the company leaked people’s names, invoices, addresses, request details and contact details.
The glitch was first spotted by a viewer of the YouTube channel GamersNexus, and the company escalated the issue to Zotac. The database has since been blocked. While Google still returns some data on search results pages, those links can no longer be accessed by unauthorized visitors.
Zotac has changed the way it accepts RMA requests. Instead of an upload button on the RMA portal, which customers could use to submit requests, the company now asks them to use email.
Misconfigured databases continue to be one of the biggest reasons for data breaches and spills. Companies of all sizes, across all industries, regularly make headlines for leaving databases filled with sensitive customer data unlocked and accessible to anyone.
Amazon Prime Video, Toyota, BMW, Ecco, the Indian government, Sega, these are just some of the companies that recently made the same costly mistake.