Chip Maker Advanced Micro Devices Hit by Data Breach
Microprocessor maker Advanced Micro Devices was hit by a data breach yesterday (Aug. 19) after a four-strong hacker group known as "r00tbeersec" hacked its site and posted login credentials for 189 users of AMD's official blog.
AMD's blog, which appeared to have been set up to use the famously hackable WordPress platform, currently displays a "temporarily unavailable" page "due to routine maintenance."
In an email to SecurityNewsDaily, an AMD spokesman confirmed the data breach.
"We believe that the attackers posted less than 200 registered usernames and salted password hashes," the spokesman said, referring to an encryption method "which is an industry best practice for encryption and extremely difficult to crack."
The spokesman said the AMD blog had been taken down immediately after the breach and all passwords changed. He expected the blog to be back up within 24 hours.
Ironically, the "@r00tbeer_" Twitter user told SecurityNewsDaily that he used AMD's Radeon graphics cards to crack encrypted passwords.
AMD customers needn't fear, noted Sophos' Paul Ducklin on his company's Naked Security blog. All but about nine of the published email addresses belonged to AMD employees; the others were for employees at two public-relations firms, New York-based Edelman and London-based Bite Communications.
Ducklin speculated that AMD's site may be down as the company attempts to sort out the compromised and mysterious-sounding "user_activation_keys" that were published alongside the personal login data. (The AMD spokesman would not elaborate on those.)
Although the amount of information that was leaked was small — just 32 kilobytes — it may be embarrassing for AMD.
The company, founded in 1969, is the second-largest microprocessor manufacturer in the world. As such, it ought to know better than to leave its WordPress blog undefended.
If you're a WordPress user, avoid becoming the next victim by keeping your WordPress software patched, and by turning off or renaming the default "admin" account built into every WordPress blog.