AMD confirms security breach: Future product information and source code compromised

Chipmaker AMD has confirmed a security breach involving sensitive data on its future products, source codes, and spec sheets. The breach, announced by the threat actor IntelBroker, has put AMD's confidential information at risk of exposure.

As per the reports, the breach was disclosed earlier this week when IntelBroker posted on the BreachForums cybercrime forum, claiming to be "selling the AMD.com data breach." According to IntelBroker, the stolen files include details on future AMD products, datasheets, employee and customer databases, property files, firmware, source code, and financial documentation. The seller alleges that the data was stolen in June 2024.

Compromised employee data reportedly includes first and last names, job functions, business phone numbers, email addresses, and employment status. Although the authenticity of the data is yet to be verified, the breach is a significant concern for AMD, given IntelBroker's history of involvement in large security breaches, including those involving Europol and Facebook Marketplace.

IntelBroker released a sample of the data, which purportedly shows AMD product information. However, none of the listed products or the sample itself reveals information on unreleased products. The sample does contain data on the EPYC 4004 series, which was launched in late May.

In response to the breach, AMD has launched an investigation and is working closely with law enforcement officials and a third-party hosting partner. "We are aware of a cybercriminal organissation claiming to be in possession of stolen AMD data. We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data," AMD said in a statement.

This is not the first time AMD has faced a security breach. In 2022, a separate incident resulted in the compromise of 450 GB of data. However, that data did not make its way to the public. It remains unclear whether the current group intends to release more data if their demands are not met.

The breach underscores the ongoing cybersecurity challenges faced by major technology companies. As AMD works to assess the extent of the stolen data and mitigate the impact, the incident serves as a reminder of the importance of robust security measures to protect sensitive information in an increasingly digital world.

On June 10s, researchers reported that Meta-owned Facebook experienced a data breach affecting over 100,000 users. Cybersecurity experts from CyberPeace disclosed that 100,000 lines of new user data, including personal details such as names, profiles, emails, phone numbers, and locations, were exposed on a data breach platform.

Earlier in May, new findings from Fortinet’s FortiGuard Labs and CyberArk underscore the growing urgency for improved security protocols and industry-wide collaboration to combat escalating cyber threats.

According to Fortinet’s FortiGuard Labs’ 2H 2023 Global Threat Landscape Report, cybercriminals are now exploiting new vulnerabilities 43% faster than they did in the first half of 2023. On average, vulnerabilities are being exploited just 4.76 days after their disclosure. This alarming trend highlights the pressing need for vendors to embed robust security measures throughout the product lifecycle and maintain transparent vulnerability disclosures.