Computer hardware manufacturer Zotac misconfigured a database containing sensitive customer data, causing the information to leak online.
Zotac is best known for its graphics cards and mini PCs, and its product line includes several NVIDIA GeForce graphics cards, ZBOX mini PCs, various motherboards, SSDs, and other computer accessories.
As reported by Computer beepingThe company’s U.S. subsidiary, Zotac USA, incorrectly configured permissions on a folder containing return merchandise authorization (RMA) requests and related documents. As a result, the documents were indexed by Google, making them easily searchable and discoverable through Google search engine results pages.
Changing the process
The report is missing some details, such as how many people were affected and how long the database remained open. What we do know is that the company leaked people's names, invoices, addresses, application details and contact information.
The issue was first spotted by a viewer of the YouTube channel GamersNexus, after which the company reported the problem to Zotac. The database has since been blocked. While Google still displays some data on its search engine results pages, unauthorized visitors can no longer open those links.
Zotac has since changed the way it accepts RMA requests. Instead of having an upload button on the RMA portal, through which customers could make requests, the company has now asked them to use email.
Misconfigured databases remain one of the leading causes of data leaks and breaches. Businesses of all sizes and across all industries regularly make headlines for keeping databases, full of sensitive customer data, unlocked and available for anyone to view.
Amazon Prime Video, Toyota, BMW, Ecco, the Indian government, Sega – these are just a few of the companies that recently made the same costly mistake.