AMD Initiates Breach Probe as Data Appears on Darknet Forum For Sale
Advanced Micro Devices (AMD) is alleged to have been breached this month, and the stolen data is being sold on a dark web forum. The semiconductor company’s statement to multiple publishers suggests it could have been compromised through a third party. Learn more about the breach.
- Advanced Micro Devices (AMD) is alleged to have been breached this month, and the stolen data is being sold on a dark web forum.
- Intelbroker, the threat actor who claimed the AMD data breach, has previously victimized Home Depot, the Europol Platform for Experts portal, and DC Health Link.
American chipmaker AMD confirmed to PCMag and others that it is investigating a data breach it is claimed to have been subject to in June 2024.
Dark Web Informer shared screenshots of IntelBroker’s post on the resurfaced darknet site BreachForums, claiming to have AMD’s future AMD products, specification sheets, customer databases, property files, ROMs, source code, firmware and finances.
Breached and on-sale data also includes employee databases, which include user IDs, first names, last names, job functions, business phone numbers, and email status.
“Most of the time, hacker claims are truthful and accurate. But there have been more than enough false claims over the years that no company or person can simply trust what a malicious hacker is saying,” Roger Grimes, data-driven defense evangelist at KnowBe4, told Spiceworks News & Insights.
IntelBroker’s post includes screenshots of the data as proof to negotiate the buying price of the alleged treasure trove of information, which, if true, could be detrimental to AMD’s position in the AI race.
AMD told PCMag this week: “We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data. We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data.”
See More: Admins of Darknet Marketplace Empire Market Face Life Term For Enabling $430M in Transactions
AMD’s mention of a third party suggests it could have been the source of the breach rather than AMD-owned systems and servers. This wouldn’t be the first time IntelBroker obtained data through a third-party service provider.
The threat actor previously breached Home Depot through a third party in April 2024 (10,000 employees affected), the Europol Platform for Experts portal in May 2024 (classified information), and DC Health Link in March 2023, which reportedly impacted US House of Representatives members and staff.
AMD was previously victimized by RansomHouse in June, which led to the theft of 450 gigabytes of data. However, neither the company nor IntelBroker has confirmed if the two-year-old cyberattack was the stolen data source.
“So, step one is confirmation,” Grimes continued. “Step two, if the data is confirmed as belonging to AMD, is to see if there is anything the company can do legally to prevent the information from being sold and disseminated. Often there is nothing a company can do, but sometimes publishing sites can be convinced to take down the stolen data.”
“Step 3, if the data is real, is to notify impacted people or companies in a timely manner. Step 4, if the data is real, is to give impacted employees or customers (costless) ways for them to monitor for unauthorized use of the information.”
“Step 5, is to determine how the information was stolen (i.e., social engineering, unpatched software or firmware, etc.) and to implement mitigations to prevent data loss from happening again.”
MORE ON DATA BREACHES
