Hardware manufacturer ZOTAC recently exposed a trove of sensitive customer data unintentionally, including names, phone numbers, email addresses, and shipping information. The breach stemmed from inadequate security measures in the company’s after-sales service system, which allowed Google’s web crawlers to index confidential information and display it in search results.
The alarming discovery was made by tech website Gamers Nexus, whose editor stumbled upon a previously submitted ZOTAC after-sales request form while conducting a Google search. The form, containing the editor’s personal information, was freely accessible and downloadable.
Further investigation by Gamers Nexus revealed the extent of the vulnerability. ZOTAC’s after-sales process required customers to upload forms containing their real information, but due to lax server security policies, these files were left exposed to the public. In addition to customer data, receipts from companies like Micro Center and iBuyPower were also found to be compromised.
Gamers Nexus promptly alerted ZOTAC and other affected companies to the security breach. While Google continues to index ZOTAC’s after-sales files, access permissions have been adjusted to prevent direct downloads. ZOTAC has also revised its after-sales process, eliminating the upload button and requiring customers to submit forms via email.
Despite these remedial actions, ZOTAC has yet to release an official statement detailing the scope of the incident. However, given the high volume of after-sales requests, the number of compromised files could be in the tens of thousands.