A security researcher, Eaton Z, discovered critical vulnerabilities in Intel’s internal portals, including a business card login system that could be manipulated to bypass authentication. By exploiting weak verification mechanisms, the researcher accessed a **1GB data file** containing **personal details of over 270,000 Intel employees**, including names, roles, managers, addresses, and phone numbers. The breach extended beyond a single system, with **three additional Intel websites** (Product Hierarchy, Product Onboarding, and a supplier portal) found to have **hardcoded, easily decryptable credentials**, enabling unauthorized access. The exposed data poses severe risks, such as **identity theft, phishing, and social engineering attacks**, while also undermining Intel’s reputation in digital trust. Although the researcher reported the flaws in **October 2024**, Intel only patched them by **February 2025** and denied bug bounty compensation, citing program exclusions. The incident highlights how **basic application design oversights**—rather than sophisticated cyberattacks—can lead to large-scale internal data leaks, with potential long-term operational and security repercussions.
TPRM report: https://www.rankiteo.com/company/intel-corporation
"id": "int804082725",
"linkid": "intel-corporation",
"type": "Breach",
"date": "10/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Semiconductors/Technology',
'location': 'Santa Clara, California, USA',
'name': 'Intel Corporation',
'size': 'Large (120,000+ employees globally, though '
'270,000 records exposed)',
'type': 'Corporation'}],
'attack_vector': ['Authentication Bypass',
'Hardcoded Credentials',
'Insecure Direct Object Reference (IDOR)'],
'data_breach': {'data_encryption': 'No (Data was accessible in plaintext)',
'data_exfiltration': 'Yes (1GB file downloaded by researcher)',
'file_types_exposed': ['Database Dump/Export (likely CSV or '
'similar)'],
'number_of_records_exposed': '270,000',
'personally_identifiable_information': 'Yes (Names, '
'addresses, phone '
'numbers, roles, '
'manager details)',
'sensitivity_of_data': 'High (Includes names, roles, '
'managers, addresses, phone numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Employee Records']},
'date_detected': '2024-10',
'date_publicly_disclosed': '2025-02',
'date_resolved': '2025-02',
'description': 'A single manipulated portal exposed over 270,000 Intel '
'employee details. Hardcoded credentials on internal portals '
'raised serious security concerns. Security researcher Eaton Z '
'discovered a business card portal with a login system that '
'could be easily manipulated, allowing unauthorized access to '
'a 1GB file containing personal details of all 270,000 Intel '
'employees, including names, roles, managers, addresses, and '
'phone numbers. The vulnerabilities extended to three other '
"internal portals, including 'Product Hierarchy,' 'Product "
"Onboarding,' and a supplier login page, all of which "
'contained hardcoded or easily bypassed credentials. Intel '
'patched the flaws by late February 2025 after being notified '
'in October 2024, but no bug bounty was awarded due to program '
'exclusions.',
'impact': {'brand_reputation_impact': 'Moderate to High (Erosion of digital '
'trust, especially for a company '
'emphasizing cybersecurity)',
'data_compromised': ['Employee Records (270,000)',
'Names',
'Roles',
'Manager Details',
'Addresses',
'Phone Numbers'],
'identity_theft_risk': 'High',
'operational_impact': 'High (Potential for identity theft, '
'phishing, and social engineering attacks '
'due to exposed employee data)',
'systems_affected': ['Business Card Portal',
'Product Hierarchy Portal',
'Product Onboarding Portal',
'Supplier Login Page']},
'investigation_status': 'Resolved (Flaws patched as of February 2025)',
'lessons_learned': ['Hardcoded credentials and weak authentication mechanisms '
'can lead to large-scale data exposure even in tech-savvy '
'organizations.',
'Internal portals must undergo rigorous security testing, '
'including authentication bypass scenarios.',
'Bug bounty program exclusions may discourage ethical '
'disclosures if researchers are not fairly compensated '
'for valid findings.',
'Automated responses to vulnerability reports may '
'undermine trust in an organization’s commitment to '
'security.'],
'motivation': 'Research/Disclosure (Ethical)',
'post_incident_analysis': {'corrective_actions': ['Patched vulnerable portals '
'and removed hardcoded '
'credentials.',
'Presumably reviewed and '
'strengthened '
'authentication processes '
'(though not explicitly '
'detailed).'],
'root_causes': ['Hardcoded credentials in multiple '
'internal portals.',
'Weak authentication mechanisms '
'allowing bypass via manipulated '
'login requests.',
'Lack of proper access controls to '
'restrict data exposure.',
'Inadequate response to '
'vulnerability disclosure, '
'potentially discouraging future '
'ethical reporting.']},
'recommendations': ['Conduct comprehensive audits of internal portals for '
'hardcoded credentials and authentication flaws.',
'Implement multi-factor authentication (MFA) for all '
'internal systems, especially those handling sensitive '
'data.',
'Expand bug bounty program scope to include critical '
'authentication bypass vulnerabilities.',
'Enhance communication protocols for vulnerability '
'disclosures to ensure researchers feel acknowledged and '
'valued.',
'Regularly test for Insecure Direct Object Reference '
'(IDOR) and similar access control vulnerabilities.'],
'references': [{'source': 'TechRadar Pro'},
{'source': 'Eaton Z (Security Researcher Blog Post)'}],
'response': {'communication_strategy': 'Limited (Automated response to '
'researcher; no public statement '
'detailed in the report)',
'containment_measures': ['Patching Vulnerable Portals',
'Removing Hardcoded Credentials'],
'incident_response_plan_activated': 'Yes (Patches applied by '
'late February 2025)'},
'threat_actor': 'Eaton Z (Security Researcher)',
'title': 'Intel Staff Records Leaked Through Login Flaws, Exposing Sensitive '
'Company Information',
'type': ['Data Breach', 'Unauthorized Access', 'Information Disclosure'],
'vulnerability_exploited': ['Weak Login Verification',
'Hardcoded Credentials in Internal Portals',
'Improper Access Controls']}