Wednesday, July 10, 2024

Zotac may have been exposing private customer data straight into Google search results

Computer hardware manufacturer Zotac misconfigured a database containing sensitive customer data, resulting in that information being leaked on the wider web.

Zotac is best known for its graphics cards and mini PCs, with its product lineup including various NVIDIA GeForce graphics cards, ZBOX mini PCs, various motherboards, SSDs, and other computer accessories. 

As reported by BleepingComputer, the company’s American subsidiary, Zotac USA, misconfigured the permissions for a folder containing return merchandise authorization (RMA) requests, and related documents. As a result, Google indexed the documents, which made them searchable and easily discovered through the Google search engine results pages. 

Changing the process

Some details are missing from the report, namely how many people were affected, and for how long the database remained open. We do know that the company was leaking people’s names, invoices, addresses, request details, and contact information.

The mishap was first spotted by a viewer of the GamersNexus YouTube channel, after which the company escalated the issue with Zotac. The database has since been locked down. While Google still returns some data on its search engine results pages, those links can no longer be opened by unauthorized visitors. 

The way Zotac accepts RMA requests has since been changed. Instead of having an upload button on the RMA portal, through which customers were able to make requests, the company has now asked them to use email.

Misconfigured databases continue to be one of the biggest reasons for data leaks and spills. Companies of all sizes, in all kinds of industries, are regularly making headlines for keeping databases, filled with sensitive customer data, unlocked and available for anyone to see. 

Amazon Prime Video, Toyota, BMW, Ecco, Indian government, Sega, those are just some of the companies that were recently seen making the same costly mistake.

More from TechRadar Pro



from TechRadar - All the latest technology news https://ift.tt/W0uMv2A

No comments:

Post a Comment

This devious new malware is going after macOS users with a whole barrel of tricks

Security researchers from Group-IB discover unique new piece of malware It abuses extended attributes for macOS files to deploy the payl...