- Intel staff records were leaked through login failures, exposing confidential information of the company
- A unique manipulated portal exposed to more than 270,000 details of Intel employees
- The credentials encoded in internal portals raised serious security concerns
According to reports, confidential information about each Intel employee was available for anyone who could exploit weaknesses in the company's internal sites, according to an expert.
The Eaton Z security researcher, who described the defects in a long blog post, found a presentation card portal used by Intel staff contained a login system that could be easily manipulated.
By altering how the application verified users, Eaton managed to access data without valid credentials.
A huge scale data file
What began as a small discovery expanded rapidly, since the system presented much more information than its function required. Once deeper access was achieved, the results became difficult to rule out.
Eaton described the download of a file that approached a size gigabyte containing the personal data of the 270,000 Intel employees.
These records included names, roles, managers, addresses and telephone numbers. The escalation of the escape suggests risks beyond simple shame.
The release of such data in the wrong hands could feed the theft of identity, the Phishing schemes or the social engineering attacks.
The situation was not limited to a single vulnerable system, since Eaton reported that three other Intel websites could access with similar techniques.
Internal sites such as the “Product Hierarchy” and portals of “Incorporation of Products” contained coded credentials that were easily deciphered.
Another corporate login page for the Intel supplier site could also be avoided.
Together, these weaknesses formed multiple superimposed doors in the company's internal environment, a worrying image for a company that often emphasizes the importance of digital trust.
Intel was contacted on the problems as of October 2024, and the company finally set the defects at the end of February 2025.
However, Eaton did not receive error rewards compensation, since the Intel program excluded these cases through specific conditions.
The only communication of the company was described as an automated response, asking questions about how seriously the disseminations were managed.
Modern cybersecurity is complex; Organizations can implement Firewall protections and security suites, however, simple supervisions in application design can still expose critical systems.
Even after patches are applied, the incident shows that vulnerabilities are not always exotic defects buried in hardware.
