Researcher Eaton Zveare was able to determine shortcomings in Intel's systems.
Internal systems at Intel were infiltrated by a security researcher, resulting in the exposure of information from 270,000 of its employees.
According to Zveare's report, as covered by Cybernews, he was able to exploit a vulnerability on Intel's corporate business card ordering website in India to have its API generate an almost 1 GB JSON file. The file contained data on Intel's workers, including names, roles, phone numbers, mailbox addresses, and managers.
Intel's Hierarchy Management website was also found to have inadequate client-side encryption that revealed not only an insecure password but also details on unreleased products. However, the most significant hardcoded credential leak was observed in Intel's Product Onboarding site, which had plaintext credentials for multiple APIs.
Intel employee information was also leaked by Intel's Supplier EHS IP Management System site, where client-side alterations permitted access to suppliers' confidential information.
Zveare noted that all of the issues merited only 'thank you' messages from Intel, which has only recently added services to its bug bounty program.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.