AMD is Investigating a Potential 450 Gb Data Breach

AleksandarK · Jul 7, 2022

RansomHouse, a newly established group aimed at monetizing stolen data, claims to own more than 450 Gb of data coming from AMD. The RansomHouse group is structured as the middleman and makes sure that hackers and victims negotiate to get the funds to hackers and data back to victims. It is claimed that the leaked AMD data contains network files, system information, and AMD passwords. This could be a very dangerous data breach, as inter-company passwords are used to access confidential files and personal information. The group notes that they own 450 Gb or gigabits of data, which translates into 56.25 GB or gigabytes of stolen data. We are not yet sure if the Gb notation is misspelled. It is claimed that AMD's poor security practices like using "password" passwords lead to the data breach, and no special ransomware software was used.

Tom's Hardware reached out to AMD for a statement, and got the following response:

AMD Representative for Tom's Hardware said:
AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.

View at TechPowerUp Main Site | Source

SOAREVERSOR · Jul 7, 2022

I wonder if they got owned by a security bug in their own chips!

bug · Jul 7, 2022

Gb? Gigabits? I would like to see them clarify this.
Storage is usually measured on GB, but they may be talking about something they noticed on the wire, there Gb is more common.

PerfectWave · Jul 7, 2022

450 Gb or gigabits of data, which translates into 56.25 GB???

Valantar · Jul 7, 2022

bug said:
Gb? Gigabits? I would like to see them clarify this.
Storage is usually measured on GB, but they may be talking about something they noticed on the wire, there Gb is more common.

PerfectWave said:
450 Gb or gigabits of data, which translates into 56.25 GB???

Yeah, this sounds weirdly like someone trying to inflate the scale of this breach. Not that 56GB isn't a lot of data, but ... what?

R-T-B · Jul 7, 2022

SOAREVERSOR said:
I wonder if they got owned by a security bug in their own chips!

They got owned by weak passwords. I've been through the report. They had set network passwords to things like "amd123"

I'm fairly confident the "Gb" prefix is the ransomware group being noobsticks themselves, and they mean GBs.

SOAREVERSOR · Jul 7, 2022

R-T-B said:
They got owned by weak passwords. I've been through the report. They had set network passwords to things like "amd123"

I'm fairly confident the "Gb" prefix is the ransomware group being noobsticks themselves, and they mean GBs.

It was a joke!

bug · Jul 7, 2022

Valantar said:
Yeah, this sounds weirdly like someone trying to inflate the scale of this breach. Not that 56GB isn't a lot of data, but ... what?

Sure, the Universe conspiring to make AMD look bad... Interesting reaction.

The size of the breach is pretty much irrelevant (still, the choice of measurement unit is strange). I mean, if they stole 50GB of 4k video, that's next to nothing. If 50GB of plain text files were exfiltrated, that is an enormous amount, with a good chance of containing something really sensitive.

64K · Jul 7, 2022

From the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

Deleted member 24505 · Jul 7, 2022

this RansomHouse group should be destroyed and people prosecuted.

PerfectWave · Jul 7, 2022

Tigger said:
this RansomHouse group should be destroyed and people prosecuted.

Do it!

bug · Jul 7, 2022

64K said:
From the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

Still not a big problem if you use 2FA. You can even offer your employees something like Yubikey which is even FIPS certified for some models. Or at least to the employees touching the most sensitive stuff.

AsRock · Jul 7, 2022

Tigger said:
this RansomHouse group should be destroyed and people prosecuted.

Pretty sure they just admitted they know who did it hahahaha.

Nuke Dukem · Jul 7, 2022

The last time I used "password" as a password was last year when I was doing random remote desktop work from one room in the house to another and some Russian bot net caught me with my pants down, ending my session in real time. I must have forgotten to send AMD a memo...

Valantar · Jul 7, 2022

bug said:
Sure, the Universe conspiring to make AMD look bad... Interesting reaction

Uh ... why is saying "it's kind of weird to want to exaggerate the amount of data stolen, I wonder why?" somehow equivalent to saying "there's a conspiracy against AMD!"? Maybe take a step back and look at my post again, but without presuming some kind of bias? I have no idea where you got that conspiratorical angle from, but it wasn't from my post.

bug · Jul 7, 2022

Valantar said:
Uh ... why is saying "it's kind of weird to want to exaggerate the amount of data stolen, I wonder why?" somehow equivalent to saying "there's a conspiracy against AMD!"? Maybe take a step back and look at my post again, but without presuming some kind of bias? I have no idea where you got that conspiratorical angle from, but it wasn't from my post.

Because, without any additional data, you're assuming exaggeration is at play. And you end with a question implying there are ulterior motives.

P4-630 · Jul 7, 2022

Old news....I know this since June 30....

450Gb met "password" beveiligde data gestolen van AMD

RansomHouse, een zelfuitgeroepen "professionele mediators-community", heeft een nieuw slachtoffer gevonden. De groep stelt dat ze geen ransomware produ...

nl.hardware.info

Valantar · Jul 7, 2022

bug said:
Because, without any additional data, you're assuming exaggeration is at play. And you end with a question implying there are ulterior motives.

... sigh. The vastly dominant conventional way of presenting stored data is in B, not b. Presenting stored data in bits multiplies the number of bytes by 8. This is, inherently, an exaggeration, as most readers either won't notice or don't know the difference between b and B. There is no assumption there: presenting stored data in bits and not bytes is exaggerating its size. Period.

As for the question "implying there are ulterior motives": seriously, dude, please stop reading things into simple words that are not there. The question is an open and explicitly non-loaded one: "What?" as in, incredulity and confusion. A desire to inflate the numbers is one possible explanation, sure, but you're actually arguing that asking the question is inherently suggesting this, which ... well, boggles the mind. You're reading this as a pointed rhetorical move that it simply isn't. Heck, if anything the incredulity is there in part to highlight how pointless such exaggeration would be.

And, to be clear, even if that was the suggestion - I did touch on the weirdness of this exaggeration, after all - even that isn't inherently angled as "there's a conspiracy against AMD". IMO a reasonable interpretation would be that the hacker group might be trying to brag or pass off what they've done as larger scale than what it was - which is also reflected in the kinda-incredulous "what?" at the end of the sentence, as that would be pretty weird. Explaining this through incompetence/oversight is equally weird - I would kind of assume someone with the combination of social engineering and technical skills required to pull something like this off would have the general wherewithal to not confuse GB with Gb. Heck, for all we know this could be written on a phone and thus be a product of bad autocorrect. Who knows? Either way, it's weird. And that's all that was implied by my post.

zlobby · Jul 7, 2022

SOAREVERSOR said:
I wonder if they got owned by a security bug in their own chips!

That would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
Oh, wait! There are no backdoors!

The red spirit · Jul 7, 2022

zlobby said:
That would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
Oh, wait! There are no backdoors!

Then AMD would just blame it on something else, they have no reason to openly admit that their chips were compromised.

mechtech · Jul 7, 2022

So they downloaded a couple gpu drivers??

64K said:
From the articles concerning some people using "password" as their password. Sadly it is probably pretty common based on my experience with some inventory software that I managed as part of my duties before I retired.

That’s pretty crazy and one would think doubtful. Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

windwhirl · Jul 7, 2022

mechtech said:
Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

Password1337

There you have it.

On the other hand, they should have a system that catches words and forces them to have actually random passwords, like "Wt8YK2ZMJWGv"

Deleted member 24505 · Jul 7, 2022

Apparently the best type of passwords are just 3 random words, treescooterracoon

https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words

defaultluser · Jul 7, 2022

You know, if folks didn't pay ransomware attacks, then it would be a lot harder getting paid (and companies like these wouldn't exist)

Who here really believes a hacker when they "pinky swear" they deleted al that data? More likely, they are getting paid TWICE ( one to get the data back, and then another on the closed market. for lots of random of data.)

Sure, its less destructive that publishing it on the open web, but it sets you up as an easy mark ( so long-term, it will cost you more to pay multiple times than a massive security audit + redesign following the first dump of data)

64K · Jul 7, 2022

mechtech said:
So they downloaded a couple gpu drivers??

That’s pretty crazy and one would think doubtful. Where I work we have to change all our passwords quarterly and have to contain numbers, letters lower and upper case and be at least 12 characters long.

It wasn't for the main site. It was just for some special software. After I turned it over to the IT dept to resolve they made the people do what you are talking about with 2 exceptions. The passwords only had to be 8 character minimum and contain at least 1 special character.

When they implemented the quarterly change later you have never seen such whining from adults.

Processor	Intel i5-12600k
Motherboard	Asus H670 TUF
Cooling	Arctic Freezer 34
Memory	2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s)	EVGA GTX 1060 SC
Storage	500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s)	Dell U3219Q + HP ZR24w
Case	Raijintek Thetis
Audio Device(s)	Audioquest Dragonfly Red :D
Power Supply	Seasonic 620W M12
Mouse	Logitech G502 Proteus Core
Keyboard	G.Skill KM780R
Software	Arch Linux + Win10

System Name	Gaming PC / I7 XEON
Processor	I7 4790K @stock / XEON W3680 @ stock
Motherboard	Asus Z97 MAXIMUS VII FORMULA / GIGABYTE X58 UD7
Cooling	X61 Kraken / X61 Kraken
Memory	32gb Vengeance 2133 Mhz / 24b Corsair XMS3 1600 Mhz
Video Card(s)	Gainward GLH 1080 / MSI Gaming X Radeon RX480 8 GB
Storage	Samsung EVO 850 500gb ,3 tb seagate, 2 samsung 1tb in raid 0 / Kingdian 240 gb, megaraid SAS 9341-8
Display(s)	2 BENQ 27" GL2706PQ / Dell UP2716D LCD Monitor 27 "
Case	Corsair Graphite Series 780T / Corsair Obsidian 750 D
Audio Device(s)	ON BOARD / ON BOARD
Power Supply	Sapphire Pure 950w / Corsair RMI 750w
Mouse	Steelseries Sesnsei / Steelseries Sensei raw
Keyboard	Razer BlackWidow Chroma / Razer BlackWidow Chroma
Software	Windows 1064bit PRO / Windows 1064bit PRO

System Name	Hotbox
Processor	AMD Ryzen 7 5800X, 110/95/110, PBO +150Mhz, CO -7,-7,-20(x6),
Motherboard	ASRock Phantom Gaming B550 ITX/ax
Cooling	LOBO + Laing DDC 1T Plus PWM + Corsair XR5 280mm + 2x Arctic P14
Memory	32GB G.Skill FlareX 3200c14 @3800c15
Video Card(s)	PowerColor Radeon 6900XT Liquid Devil Ultimate, UC@2250MHz max @~200W
Storage	2TB Adata SX8200 Pro
Display(s)	Dell U2711 main, AOC 24P2C secondary
Case	SSUPD Meshlicious
Audio Device(s)	Optoma Nuforce μDAC 3
Power Supply	Corsair SF750 Platinum
Mouse	Logitech G603
Keyboard	Keychron K3/Cooler Master MasterKeys Pro M w/DSA profile caps
Software	Windows 10 Pro

System Name	Pioneer
Processor	Ryzen R9 9950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise IoT 2024

Processor	Intel i5-12600k
Motherboard	Asus H670 TUF
Cooling	Arctic Freezer 34
Memory	2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s)	EVGA GTX 1060 SC
Storage	500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s)	Dell U3219Q + HP ZR24w
Case	Raijintek Thetis
Audio Device(s)	Audioquest Dragonfly Red :D
Power Supply	Seasonic 620W M12
Mouse	Logitech G502 Proteus Core
Keyboard	G.Skill KM780R
Software	Arch Linux + Win10

AMD is Investigating a Potential 450 Gb Data Breach

AleksandarK

News Editor

SOAREVERSOR

bug

PerfectWave

Valantar

R-T-B

SOAREVERSOR

bug

64K

Deleted member 24505

Guest

PerfectWave

bug

AsRock

TPU addict

Nuke Dukem

Valantar

bug

P4-630

450Gb met "password" beveiligde data gestolen van AMD

Valantar

zlobby

The red spirit

mechtech

windwhirl

Deleted member 24505

Guest

defaultluser

64K

Processor	i7 7700k
Motherboard	MSI Z270 SLI Plus
Cooling	CM Hyper 212 EVO
Memory	2 x 8 GB Corsair Vengeance
Video Card(s)	Temporary MSI RTX 4070 Super
Storage	Samsung 850 EVO 250 GB and WD Black 4TB
Display(s)	Temporary Viewsonic 4K 60 Hz
Case	Corsair Obsidian 750D Airflow Edition
Audio Device(s)	Onboard
Power Supply	EVGA SuperNova 850 W Gold
Mouse	Logitech G502
Keyboard	Logitech G105
Software	Windows 10

System Name	AlderLake
Processor	Intel i7 12700K P-Cores @ 5Ghz
Motherboard	Gigabyte Z690 Aorus Master
Cooling	Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut Extreme + 5 case fans
Memory	32GB DDR5 Corsair Dominator Platinum RGB 6000MT/s CL36
Video Card(s)	MSI RTX 2070 Super Gaming X Trio
Storage	Samsung 980 Pro 1TB + 970 Evo 500GB + 850 Pro 512GB + 860 Evo 1TB x2
Display(s)	23.8" Dell S2417DG 165Hz G-Sync 1440p
Case	Be quiet! Silent Base 600 - Window
Audio Device(s)	Panasonic SA-PMX94 / Realtek onboard + B&O speaker system / Harman Kardon Go + Play / Logitech G533
Power Supply	Seasonic Focus Plus Gold 750W
Mouse	Logitech MX Anywhere 2 Laser wireless
Keyboard	RAPOO E9270P Black 5GHz wireless
Software	Windows 11
Benchmark Scores	Cinebench R23 (Single Core) 1936 @ stock Cinebench R23 (Multi Core) 23006 @ stock

System Name	Shizuka
Processor	Intel Core i5 10400F
Motherboard	Gigabyte B460M Aorus Pro
Cooling	Scythe Choten
Memory	2x8GB G.Skill Aegis 2666 MHz
Video Card(s)	PowerColor Red Dragon V2 RX 580 8GB ~100 watts in Wattman
Storage	512GB WD Blue + 256GB WD Green + 4TH Toshiba X300
Display(s)	BenQ BL2420PT
Case	Cooler Master Silencio S400
Audio Device(s)	Topping D10 + AIWA NSX-V70
Power Supply	Chieftec A90 550W (GDP-550C)
Mouse	Steel Series Rival 100
Keyboard	Hama SL 570
Software	Windows 10 Enterprise

Processor	Ryzen 5700x
Motherboard	Gigabyte X570S Aero G R1.1 BiosF5g
Cooling	Noctua NH-C12P SE14 w/ NF-A15 HS-PWM Fan 1500rpm
Memory	Micron DDR4-3200 2x32GB D.S. D.R. (CT2K32G4DFD832A)
Video Card(s)	AMD RX 6800 - Asus Tuf
Storage	Kingston KC3000 1TB & 2TB & 4TB Corsair MP600 Pro LPX
Display(s)	LG 27UL550-W (27" 4k)
Case	Be Quiet Pure Base 600 (no window)
Audio Device(s)	Realtek ALC1220-VB
Power Supply	SuperFlower Leadex V Gold Pro 850W ATX Ver2.52
Mouse	Mionix Naos Pro
Keyboard	Corsair Strafe with browns
Software	W10 22H2 Pro x64

System Name	System V
Processor	AMD Ryzen 5 3600
Motherboard	Asus Prime X570-P
Cooling	Cooler Master Hyper 212 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory	2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s)	Gigabyte AORUS Radeon RX 580 8 GB
Storage	SHFS37A240G / DT01ACA200 / ST10000VN0008 / ST8000VN004 / SA400S37960G / SNV21000G / NM620 2TB
Display(s)	LG 22MP55 IPS Display
Case	NZXT Source 210
Audio Device(s)	Logitech G430 Headset
Power Supply	Corsair CX650M
Software	Whatever build of Windows 11 is being served in Canary channel at the time.
Benchmark Scores	Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624