Apparently, at least some of the passwords used were no more complex than 'password.' Yeah, your read that right. It's 2022 and major corporations are still using 'password' for sensitive information. I'm guessing '123456' was one of them, considering some of the startlingly dumb passwords(opens in new tab) corpos have been caught using recently.
RansomHouse claims that the data was taken back in January 2022 and has provided a data sample as evidence of the hack, which you can view over on Restore Privacy(opens in new tab), which originally ran the news. That site has reviewed some of the data, but it isn't clear if the data is genuine or not, so this attack is still officially unverified.
RansomHouse states that it has nothing to do with the breach itself and doesn't produce ransomware or encrypt data, and instead acts as a "professional mediator." It's a fairly new outfit, that appears to have started in December 2021 and lists six companies that it has hacked data from, with AMD being the latest.
It's worth noting that small 'b' after the amount of data stolen as well, as that means gigabits and not gigabytes. 450Gb is just over 56GB of data, assuming that it isn't just a typo in the first place. That isn't a lot, especially for a company as big as AMD, but it obviously depends on what that data pertains to as to how valuable it is.
AMD reached out to our sister site, Tom's Hardware(opens in new tab), to confirm the following, "AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway."
It'll be interesting to see how AMD responds going forward, and ultimately whether it's willing to pay up to protect the data. The company should probably change a few of its passwords either way.
Posted:
Related Forum: PC Gaming Forum
Source: https://www.pcgamer.com/amd-hack-due-to-some-of-its-passwords-being-just-password/
"AMD hack due to some of its passwords being just "password"" :: Login/Create an Account :: 3 comments