IntelBroker of the underground hacking forum BreachForums is at it again, and AMD has confirmed that his claimed theft of data is legitimate and involved an unnamed third-party vendor. But some questions remain about the data breach, as AMD has not confirmed that the full scope of information claimed by IntelBroker has actually been stolen.
The situation mirrors AMD’s last big data breach, which took place almost exactly two years ago. That also involved a theft of a specific type of data, and initial denials from AMD that it was as bad as advertised by the attackers. It seems to be confirmed that IntelBroker has some sort of internal production and business information, but the extent of damage to employees and customers remains unknown.
Investigators still poring through list of stolen data advertised on hacking forum
At this point we know that there has been a data breach at AMD, and that it did involve some sort of third-party vendor that works in production, and may well have exposed some of the company’s future products. Beyond that, there are many questions. The status of the hacking forum, which was just raided last month and suffered serious blows, is a key part of this uncertainty.
IntelBroker’s claims on the hacking forum go beyond that, listing an employee database that contains business contact information and job title/status. They also claimed to have stolen a customer database, though no further details about that are available at present. IntelBroker followed up the post about the AMD data breach with another post about hacking Apple, posting source code purported to be from several of the company’s tools. Apple has not commented as of yet.
The data breach two years ago threw an unflattering light on AMD’s security, as the attackers boasted of entering the network with employee passwords such as “123456” and “password.” The culprits were a smaller RaaS provider called RansomHouse that remains active. AMD reportedly made substantial security improvements in the wake of this event.
More details needed to assess AMD data breach
The main cloud hanging over the verification of this data breach is the questionable state of the hacking forum that IntelBroker operates. BreachForums was raided by an international law enforcement operation last month, which led to the arrest of co-operator Baphomet and the seizure of a substantial amount of its online and offline resources. The forum came back within weeks, but these actions always make criminal clientele leery of returning. Exaggeration of breaches is a technique that has been used before to get the service’s name back in the news and reassure customers that the business is safe and stable.
The data breach came to light on June 18 when it was posted on the hacking forum, but AMD has yet to make clear when it began. It has said that it believes the damage is “limited” and that there will be no material business impact from the incident. But customers and employees will have to wait to see exactly what the fallout is for them.