Hacker Exploits Weakness in Intel’s Internal Systems
A shocking revelation has emerged in the cybersecurity community: a hacker managed to download sensitive data of 270,000 Intel employees by exploiting a surprisingly simple vulnerability in the company’s internal websites. The flaw was connected to Intel’s business card ordering portal and three additional internal resources, making confidential employee information easily accessible.
The Discovery of “Intel Outside”
The researcher behind the discovery, Eaton Z., a reverse engineering and software development specialist, shared his findings in what he called the “Intel Outside” project. According to him, until late February, confidential data about Intel staff worldwide could be accessed without authorization due to poorly secured login mechanisms on Intel’s India Operations (IIO) website.
Eaton explained that by analyzing the JavaScript files behind the login form, he was able to bypass authentication simply by modifying the application’s response. This trick fooled the system into treating him as a valid user, granting access to employee directories and internal data.
Scale of the Data Exposure
What makes this breach particularly concerning is the sheer volume of data exposed. The anonymous API token available to all users provided an even deeper level of access, leading to a 1 GB JSON file containing employee information. The dataset included names, job titles, managers’ details, phone numbers, and email addresses of Intel staff across the globe.
Eaton emphasized the ease with which he was able to obtain such sensitive records, pointing out that the information far exceeded what was necessary for a simple internal website.
More Vulnerabilities Uncovered
The researcher didn’t stop there. His investigation revealed three more vulnerable Intel websites, including the company’s “Product Hierarchy” and “Product Adaptation” systems. These platforms contained easily decodable credentials, giving him administrative access and even broader employee datasets. Additionally, the corporate login of Intel’s supplier portal SEIMS was also found to be insecure.
Cybersecurity experts compared the process to picking locks while listening for clicks, highlighting Intel’s lack of robust digital safeguards.
Intel’s Response and Lack of Recognition
After discovering these flaws, Eaton responsibly reported them to Intel. However, his attempts to notify the company were met with little acknowledgment—he received only one automated response and was informed that his findings did not meet Intel’s bug bounty criteria. Despite this, Intel fixed all identified vulnerabilities by February 28, closing off public access.
Conclusion
The Intel data exposure case underscores the critical importance of strengthening corporate cybersecurity systems. Even the most advanced tech companies can fall victim to oversight, and when internal tools are left vulnerable, the consequences can be massive. While Intel has since patched the flaws, this incident serves as a stark reminder that basic security hygiene must never be neglected.
