Zotac has apparently “leaked” multiple customers’ personal information through “mismanagement” of RMA files.
ZOTAC makes a huge ‘blunder’ with customer documents, uploads them to Google’s web server and makes them public
Well, it is a huge red flag for a company like ZOTAC to face such an issue, but it seems that the company has been negligent in protecting consumer rights and has exposed the personal information of multiple customers by not managing RMA files securely. This issue was initially discovered by GamersNexus and after a series of reports on the X, the media outlet has finally made the issue public and it seems that the issue is indeed serious and has put multiple consumers at risk.
When I contacted a ZOTAC business partner, I got the following response, and it’s definitely hilarious:
If I can Google my own credit notes… what the hell is this? How can you be so insecure? How can you run a business like this?
– ZOTAC’s partner for GamersNexus
You might be wondering how this mismanagement of RMA files happened in the first place. Well, it appears that ZOTAC uploaded the files to Google’s web servers, making them publicly accessible by simply searching for keywords like “ZOTAC RMA” or something similar. While the RMA files don’t show up when searching on Google after the issue was reported to ZOTAC, initial images from GamersNexus show that search results were flooded with B2B invoices, along with RMA requests from customers, mentioning personal information, increasing the likelihood of identity theft and data breaches.
GamersNexus was alerted to the issue by a viewer who claimed to have the ability to “look himself up” in Google search results, and saw his RMA file in the results. Additionally, every other document containing user details and invoice amounts was floating around the internet in public. Interestingly enough, while we shouldn’t comment on B2B invoices, one company purchased NVIDIA’s GeForce RTX 3090 SKUs for a whopping $2,400 each, which is disappointing, but we won’t get into that right now. Companies like SuperMicro and Cyberpower had their invoices public, but since no one raised the issue, they were likely being discreet.
For consumers who have interacted with ZOTAC for a service and uploaded personal documents, it is advised to track back to specific documents, search for a unique string within them, such as your name, and add “site:zotacusa.com”. If a search result appears, it is likely a dead link, as that is the temporary workaround ZOTAC has begun to implement. ZOTAC is currently working with partners to resolve the issue, but the issue has been reported to the relevant individuals and ZOTAC is now asking customers to email personal documents to a specified address.