Earlier this week, rumours began to appear online suggesting that AMD had just been subjected to a pretty huge hacking incident. Although details at the time were more than a little unclear, it was alleged that a huge amount of data had been stolen from the tech giant and was currently being advertised for sale online (via the Darkweb).
While AMD had, to date, been silent on the subject, following a report via TechPowerUp, while they have not confirmed that the hacking attempt was successful, they have gone as far to say that they are, at the very least, investigating the claims.
Following comments from the supposed ‘hacker’, however, it seems that this data breach wasn’t by any notably impressive means of technical espionage and/or ransomware, but rather some woefully (and laughably poor) security!
AMD “Investigating” Hacking Incident
You would, at this point, think that the news pretty much begins and ends here, right? The source has claimed that they have stolen 56.25GB of data and that, in a nutshell, it’s currently available to presumably the highest bidder. Albeit, the amount of data obtained is apparently somewhat contested due to the hacker regularly switching terminology from gigabits to gigabytes in their ‘sales’ pitch. No matter how you look at this though, it’s a lot of information and reportedly contains a lot of sensitive documentation as well as employee personal data.
How did they manage to steal this information though? Was it an amazingly elaborate and long-planned attack on a scrutinously observed sensitive system? Did they successfully sneak some ransomware through? – No, the source is claiming something way simpler than that.
Put simply, the hacker (group or individual) has alleged that they got the data because a number of AMD user passwords were (wait for it…) “password”. Yep, AMD employees may have been allowed to use one of the most worst and notoriously awful “passwords” for their accounts!
What Do We Think?
If this is true, then it would clearly add insult to injury for AMD that not only have they had masses of highly-sensitive data stolen, but more so, that it was done with almost embarrassingly pathetic ease!
We will, of course, keep you updated on the situation as it develops. As above, at the moment all AMD is officially saying is that they are investigating the allegations. – I think it goes without saying though that if you happen to have “password” for any of your online accounts, this should act as a pretty solid lesson to, you know, change it to something a bit less obvious.
And no, we doubt that “password1” is much better.
What do you think though? – Let us know in the comments!