ZOTAC Mismanages Customer RMA Files, Personal Information & B2B Transactions Flooded Over The Internet

Zotac has apparently “leaked” the personal information of several customers through “mismanagement” of RMA files.

ZOTAC Makes A Huge “Blunder” With Customer’s Documents, Uploads Them To Google’s Web Server & Makes Them Public

Well, it’s a huge red flag for a company like ZOTAC to face such an issue, but it looks like the firm has been negligent in safeguarding consumer rights and has made the personal information of multiple customers public by not securely managing RMA files. This problem had initially been discovered by GamersNexus, and after a series of posts on the X, the media outlet has finally made the problem public and by the looks of it, the problem is indeed grave and has put several consumers at risk.

Upon contacting a ZOTAC business partner, here’s how they replied, and it’s certainly hilarious:

If I can Google Search my own credit memos…. what the **** is this? How can you be this insecure? How can you run a business like this?

– ZOTAC’s Partner to GamersNexus

You might be curious about how this mismanagement of RMA files has occurred in the first place. Well, it looks like ZOTAC has uploaded the files on Google’s web servers, and with that, they are publicly accessible by just searching keywords such as “ZOTAC RMA” or something similar. While the RMA files won’t appear if you search on Google after the issue was raised to ZOTAC, initial images by GamersNexus show that the search results were flooded with B2B invoices, along with customer RMA requests as well, which mentioned personal details, hence raising the potential of identity thefts and data leakage.

GamersNexus was notified of the problem by a viewer who claimed he had the knack of “looking up himself” on Google’s search, and he saw his RMA file in the results. In addition, every other document, which contained user details and invoice amounts, was floating over the internet publicly. Interestingly, while we shouldn’t comment on B2B invoices, a company bought NVIDIA’s GeForce RTX 3090 SKUs for a whopping $2,400 a piece, which is disappointing, but we won’t go into that right now. Companies like SuperMicro and Cyberpower had their invoices public, but given that no one raised the issue, they were probably discrete.

For consumers who interacted with ZOTAC for any service and uploaded personal documents, it is advised to backtrack specific documents, look up a unique string in them, for example, your name, and add in the “site:zotacusa.com.” If a search result pops up, it is likely a dead link since that’s the temporary fix ZOTAC has started to implement. Currently, ZOTAC is working with partners to fix the issue, but the problem has been raised with the relevant people, and ZOTAC is now asking customers to email personal documents to a certain address.