Category Archives: data leak

Intel investigates security breach after the leak of 20GB of internal documents

Intel is investigating reports of an alleged hack that resulted in the theft and leak of 20GB of data coming from the chip giant.

Intel is investigating reports that an alleged hacker has leaked 20GB of exfiltrated from its systems. The stolen data includes source code and developer documents and tools, some documents are labeled as “confidential” or “restricted secret.”

The hackers shared the documents on the file-sharing site MEGA.

The leak was first published by Till Kottmann, a Swiss software engineer, who manage a very popular Telegram channel on data leak. In the past, he shared data on several leaks from major companies including Microsoft, Adobe, GE, Disney, AMD, Lenovo, Motorola, Qualcomm, Mediatek, and Nintendo.

The engineering received the files from an anonymous hacker who claimed to have hacked the company earlier this year, the experts believe that this leak is just a first lot on a larger collection.

Several media outlets independently analyzed the data leak and verified the authenticity of the data.

“Per our analysis, the leaked files contained Intel intellectual property respective to the internal design of various chipsets. The files contained technical specs, product guides, and manuals for CPUs dating back to 2016.” reported ZDNet.

A company spokesperson told SecurityWeek that the data appears to come from the Intel Resource and Design Center. The Center manages information for use by our customers, partners and other external parties.

Below a list of the content included in the leak:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)

The good news is that the leaked files doesn’t contain sensitive data about customers or employees of the chip maker.

Pierluigi Paganini

(SecurityAffairs – hacking, data leak)

The post Intel investigates security breach after the leak of 20GB of internal documents appeared first on Security Affairs.

UberEats data leaked on the dark web

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb.

Another day, another data breach made the headlines, this time the alleged victim is UberEATS.

UberEats is an American online food ordering and delivery platform launched by Uber in 2014.

During the process of darkweb and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEATS. 

The researchers were able to analyze some files leaked by the threat actors containing UberEATS delivery drivers, delivery partners, and customers.

“During our research process, the Cyble Research Team got hold of some informative details related to this leak.” reads the post published by Cyble.

The experts analyzed 9 TXT files leaked by the threat actor which contained details of UberEATS delivery drivers, delivery partners, and customers. The leaked files also include login credentials of 579 UberEATS customers and details of 100 delivery drivers.

Exposed records include information such as login credentials, full name, contact number, trip details, bank card details, account creation date.

UberEats

Cyble researchers provided the following recommendations:

  • Never share personal information, including financial information over the phone, email or SMSs
  • Use strong passwords and enforce multi-factor authentication where possible
  • Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
  • Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
  • Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
  • People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.

Pierluigi Paganini

(SecurityAffairs – hacking, UberEats)

The post UberEats data leaked on the dark web appeared first on Security Affairs.

Dussman Group Subsidiary Struck by Ransomware that Leaked Its Data

A subsidiary of the Dussman Group suffered a ransomware infection in which malicious actors stole and publicly leaked its data. As reported by Bleeping Computer, the operators of Nefilim ransomware made good on a promise made back in March to begin publishing victims’ stolen information by updating their data leaks website with a post entitled […]… Read More

The post Dussman Group Subsidiary Struck by Ransomware that Leaked Its Data appeared first on The State of Security.