Thursday, July 7th 2022

AMD is Investigating a Potential 450 Gb Data Breach

RansomHouse, a newly established group aimed at monetizing stolen data, claims to hold more than 450 Gb of data taken from AMD. RansomHouse positions itself as a middleman that brokers negotiations between hackers and victims, so that the hackers receive payment and the victims get their data back. It is claimed that the leaked AMD data contains network files, system information, and AMD passwords. This could be a very dangerous data breach, as inter-company passwords are used to access confidential files and personal information. The group notes that they own 450 Gb or gigabits of data, which translates into 56.25 GB or gigabytes of stolen data. We are not yet sure whether the Gb notation is a typo. It is claimed that AMD's poor security practices, such as using "password" as a password, led to the data breach, and that no special ransomware software was used.

Tom's Hardware reached out to AMD for a statement, and got the following response:
AMD Representative for Tom's Hardware: "AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway."
Source: Tom's Hardware

46 Comments on AMD is Investigating a Potential 450 Gb Data Breach

#1
SOAREVERSOR
I wonder if they got owned by a security bug in their own chips!
#2
bug
Gb? Gigabits? I would like to see them clarify this.
Storage is usually measured in GB, but they may be talking about something they noticed on the wire; there Gb is more common.
#3
PerfectWave
450 Gb or gigabits of data, which translates into 56.25 GB???
#4
Valantar
> bug wrote:
> Gb? Gigabits? I would like to see them clarify this.
> Storage is usually measured in GB, but they may be talking about something they noticed on the wire; there Gb is more common.

> PerfectWave wrote:
> 450 Gb or gigabits of data, which translates into 56.25 GB???

Yeah, this sounds weirdly like someone trying to inflate the scale of this breach. Not that 56GB isn't a lot of data, but ... what?
#5
R-T-B
> SOAREVERSOR wrote:
> I wonder if they got owned by a security bug in their own chips!

They got owned by weak passwords. I've been through the report. They had set network passwords to things like "amd123"

I'm fairly confident the "Gb" prefix is the ransomware group being noobsticks themselves, and they mean GBs.
#6
SOAREVERSOR
> R-T-B wrote:
> They got owned by weak passwords. I've been through the report. They had set network passwords to things like "amd123"
>
> I'm fairly confident the "Gb" prefix is the ransomware group being noobsticks themselves, and they mean GBs.

It was a joke!
#7
bug
> Valantar wrote:
> Yeah, this sounds weirdly like someone trying to inflate the scale of this breach. Not that 56GB isn't a lot of data, but ... what?

Sure, the Universe conspiring to make AMD look bad... Interesting reaction.

The size of the breach is pretty much irrelevant (still, the choice of measurement unit is strange). I mean, if they stole 50GB of 4k video, that's next to nothing. If 50GB of plain text files were exfiltrated, that is an enormous amount, with a good chance of containing something really sensitive.
#8
64K
From the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.
#9
Unregistered
this RansomHouse group should be destroyed and people prosecuted.
#10
PerfectWave
> Tigger wrote:
> this RansomHouse group should be destroyed and people prosecuted.

Do it!
#11
bug
> 64K wrote:
> From the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

Still not a big problem if you use 2FA. You can even offer your employees something like Yubikey which is even FIPS certified for some models. Or at least to the employees touching the most sensitive stuff.
#12
AsRock
TPU addict
> Tigger wrote:
> this RansomHouse group should be destroyed and people prosecuted.

Pretty sure they just admitted they know who did it hahahaha.
#13
Nuke Dukem
The last time I used "password" as a password was last year when I was doing random remote desktop work from one room in the house to another and some Russian bot net caught me with my pants down, ending my session in real time. I must have forgotten to send AMD a memo...
#14
Valantar
> bug wrote:
> Sure, the Universe conspiring to make AMD look bad... Interesting reaction

Uh ... why is saying "it's kind of weird to want to exaggerate the amount of data stolen, I wonder why?" somehow equivalent to saying "there's a conspiracy against AMD!"? Maybe take a step back and look at my post again, but without presuming some kind of bias? I have no idea where you got that conspiratorial angle from, but it wasn't from my post.
#15
bug
> Valantar wrote:
> Uh ... why is saying "it's kind of weird to want to exaggerate the amount of data stolen, I wonder why?" somehow equivalent to saying "there's a conspiracy against AMD!"? Maybe take a step back and look at my post again, but without presuming some kind of bias? I have no idea where you got that conspiratorial angle from, but it wasn't from my post.

Because, without any additional data, you're assuming exaggeration is at play. And you end with a question implying there are ulterior motives.
#17
Valantar
> bug wrote:
> Because, without any additional data, you're assuming exaggeration is at play. And you end with a question implying there are ulterior motives.

... sigh. The vastly dominant conventional way of presenting stored data is in B, not b. Presenting stored data in bits multiplies the number of bytes by 8. This is, inherently, an exaggeration, as most readers either won't notice or don't know the difference between b and B. There is no assumption there: presenting stored data in bits and not bytes is exaggerating its size. Period.

As for the question "implying there are ulterior motives": seriously, dude, please stop reading things into simple words that are not there. The question is an open and explicitly non-loaded one: "What?" as in, incredulity and confusion. A desire to inflate the numbers is one possible explanation, sure, but you're actually arguing that asking the question is inherently suggesting this, which ... well, boggles the mind. You're reading this as a pointed rhetorical move that it simply isn't. Heck, if anything the incredulity is there in part to highlight how pointless such exaggeration would be.

And, to be clear, even if that was the suggestion - I did touch on the weirdness of this exaggeration, after all - even that isn't inherently angled as "there's a conspiracy against AMD". IMO a reasonable interpretation would be that the hacker group might be trying to brag or pass off what they've done as larger scale than what it was - which is also reflected in the kinda-incredulous "what?" at the end of the sentence, as that would be pretty weird. Explaining this through incompetence/oversight is equally weird - I would kind of assume someone with the combination of social engineering and technical skills required to pull something like this off would have the general wherewithal to not confuse GB with Gb. Heck, for all we know this could be written on a phone and thus be a product of bad autocorrect. Who knows? Either way, it's weird. And that's all that was implied by my post.
#18
zlobby
> SOAREVERSOR wrote:
> I wonder if they got owned by a security bug in their own chips!

That would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
Oh, wait! There are no backdoors! ;)
#19
The red spirit
> zlobby wrote:
> That would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
> Oh, wait! There are no backdoors! ;)

Then AMD would just blame it on something else, they have no reason to openly admit that their chips were compromised.
#20
mechtech
So they downloaded a couple gpu drivers??

;)
> 64K wrote:
> From the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

That’s pretty crazy and one would think doubtful. Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.
#21
windwhirl
> mechtech wrote:
> Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

Password1337

There you have it.

On the other hand, they should have a system that catches words and forces them to have actually random passwords, like "Wt8YK2ZMJWGv"
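
An added example, not part of the original thread and not any poster's code, of the point raised in comments #20 and #21: a composition rule (12 characters, upper, lower, digit) accepts "Password1337", while a check for a dictionary base word rejects it. The blocklist and substitution table are small constructed samples, and all function names are hypothetical.

```python
import re

# Constructed sample blocklist. A real deployment would load a breached-password
# corpus plus organisation-specific terms (assumption, not from the thread).
BLOCKLIST = {"password", "amd", "welcome", "qwerty", "admin", "letmein"}

# Common character substitutions, undone before the dictionary check.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def meets_complexity(pw, min_len=12):
    """Composition rule from comment #20: length, lower, upper and digit."""
    return (len(pw) >= min_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def weak_base_word(pw):
    """Return the blocklisted word the password is built on, or None."""
    # Drop digit/symbol padding at both ends, e.g. "password1337" -> "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    for candidate in (core, core.translate(LEET)):
        for word in sorted(BLOCKLIST):
            # Flag only when the word makes up at least half of what is left.
            if word in candidate and 2 * len(word) >= len(candidate):
                return word
    return None


def accept(pw):
    """Accept a password only if it passes both checks."""
    return meets_complexity(pw) and weak_base_word(pw) is None


if __name__ == "__main__":
    # Passwords quoted in the thread, plus one constructed leetspeak variant.
    for pw in ["password", "amd123", "Password1337", "P@ssw0rd2022!", "Wt8YK2ZMJWGv"]:
        print(f"{pw:15} complexity={meets_complexity(pw)!s:5} "
              f"base_word={weak_base_word(pw)!s:9} accept={accept(pw)}")
```
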
#23
defaultluser
You know, if folks didn't pay ransomware attacks, then it would be a lot harder getting paid (and companies like these wouldn't exist)

Who here really believes a hacker when they "pinky swear" they deleted all that data? More likely, they are getting paid TWICE (one to get the data back, and then another on the closed market, for lots of random data.)

Sure, it's less destructive than publishing it on the open web, but it sets you up as an easy mark (so long-term, it will cost you more to pay multiple times than a massive security audit + redesign following the first dump of data)
#24
64K
> mechtech wrote:
> So they downloaded a couple gpu drivers??
>
> ;)
>
> That’s pretty crazy and one would think doubtful. Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

It wasn't for the main site. It was just for some special software. After I turned it over to the IT dept to resolve they made the people do what you are talking about with 2 exceptions. The passwords only had to be 8 character minimum and contain at least 1 special character.

When they implemented the quarterly change later you have never seen such whining from adults.
#25
Chrispy_
> Tigger wrote:
> this RansomHouse group should be destroyed and people prosecuted

Ah yes, let's prosecute the anonymous black market that exists only because it's managed to evade all law-enforcement to date.
Prosecution is definitely the solution!
:D