AMD investigating alleged theft of 450 GB of data

AMD investigating alleged theft of 450 GB of data

Posted on

Advanced Micro Devices Inc. is investigating a potential data breach after a hacking group claimed to have stolen 450 GB of data from the chipmaker.

The stolen data claim comes from a hacking group calling itself RandomHouse. The group claims on its darknet site that it breached AMD on January 5 and was able to gain the data due to the use of weak passwords throughout the organization.

The use of weak passwords was front and center of a rather long and colorful message left written by RandomHouse.

“An era of high-end technology, progress and top security… there’s so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion,” RansomHouse wrote. “It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords.”

Restore Privacy examined a data sample of the allegedly stolen data and found that it included network files, systems information and AMD passwords. The data in the sample does appear to have been stolen from AMD.

AMD said in a statement that it is aware of a bad actor claiming to be in possession of stolen data and that an investigation is currently underway.

“RansomHouse is claiming they compromised AMD’s network due to weak passwords,” Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE. “If true, this is an unfortunate instance of poor security.”

“AMD, and any high tech company, should require phishing-resistant multi-factor authentication for all logins, or if MFA cannot be used, require strong and unique passwords,” Grimes explained. “Any lesser practice without sufficient offsetting controls would be considered by most computer security experts as negligence.”

Saryu Nayyar, chief executive officer and founder of unified security and risk analysis company Gurucul Solutions Pvt Ltd A.G. noted that “in an ironic twist of fate, AMD survived the global chip supply chain crisis during the COVID-19 pandemic only to be victimized by ransomware from a new data extortion group.”

“Doubling down on irony is that AMD staff used ‘password’ as the password for critical network access,” Gurucul added. “How does this still happen in companies with security-savvy engineers? It’s beyond comprehension quite frankly. Time to spin all the passwords and clean up security controls. Seriously, it’s time.”

Photo: Domas Mituzas/Wikimedia Commons

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *