Hacker Says He Compromised Intel, Gained Private Info
A hacker using the alias Weedgrower claims to have breached Intel.com and acquired names, credit card numbers and more.
A hacker using the pseudonyms "Weedgrower" and "X-pOSed" is claiming that he compromised Intel and obtained sensitive data by using a flaw in the subscriber segment of Intel's web site. With access to the Intel.com database, the hacker claims he can retrieve sensitive information like credit card numbers, social security numbers, email addresses, passwords and more.
"I've got to give some applause to all these pseudo-security technicians out there," the hacker states. "I cut Intel a break, I have access to a database and another vulnerability which enables the right to read user data. I'll be gracious here and NOT spill the data, but I will provide screenshots to prove that I have access to Credit Card data and such."
The hacker reportedly plans to reveal the first vulnerability -- and possibly the user information although it's not entirely clear at this point -- if he doesn't hear from Intel.com soon. The Hacker News reports that this first Intel vulnerability is similar to the one found will Dell's website earlier this month which isn't critical but could be used as a tool to leak personal information.
This threat from Weedgrower is taken seriously because of his past experience. Just in 2012 alone, the hacker has infiltrated large commercial sites including AOL, NASA, Hotmail, MySpace, Xbox, USBank, Yahoo and VISA, leaking information from most of these sites. As proof of his recent entry into Intel's database, Weedgrower has provided a screenshot showing an edited list of personal information, as seen below.
So far Intel has not responded to the threat.
- CPU Performance Boosted 20% When CPU, GPU Collaborate
- Leaked Slide Shows Intel Haswell Set for March-June 2013
- Diablo 3 Won't Be Anywhere in Sight Until at Least Q2 2012
- Updated: Raspberry Pi Commercial Version in 3Q12
- Foxconn Hacked; Passwords and Logins Posted Online
- Microsoft Promises "Fair and Reasonable" Patent Licensing
- Deals Feb 9: 23" Core i5 AIO Touchscreen PC + Camera $949
- $100,000 If You Can Prove Quantum Computers Impossible
- Google Could be Planning a Retail Store in Dublin
- Gabe Newell Gives Update on Steam Hack of 2011
- Apple Now Worth More than Google and Microsoft Combined
- Blizzard and Valve at War Over DOTA Name
- Deals Feb 11: HP dm4t Beats Core i5 + 1TB HDD Laptop $749
- Google Paid $410,000 for Chrome Bugs
- Download All the Torrents on The Pirate Bay in Only 90MB
- Epic Revealing Unreal Engine 4 Later This Year
- Hard Drive Prices to Remain Inflated Throughout 2012
- Send Your Kid for Free Coding Classes at the CoderDojo
Um... Im not 100% on this but isn't "insert into" an sql query to put data into a database... Not read the data..
Seems he was importing the data from their database into a dummy one of his own.
"Hacker Says He Compromised Intel, Gained Private Info"
There is an ERROR in the title !
Corrected:
"A Criminal Says He Compromised Intel, Gained Private Info"
Am I the only one who thinks he (and Toms) hasn't blocked out enough info in that example?
Don't hack me bro.
Am I the only one who thinks he (and Toms) hasn't blocked out enough info in that example?
me too, credit card numbers and expiary dates aren't hidden
this is really stupid
REMOVE THE PICTURE NOW
I think the picture should be removed.
I'm more interested in when the Core i7 3930k and 3820 will start appearing in stores where you can actually buy them. I really don't like this rumored delay to March 1st. Too many delays! I'd also like to know more about exactly when Intel wants to release Ivy Bridge. When can I buy a Core i7 3770k? Credit cards, emails, and other stuff out of an Intel database is about the least interesting thing that company stores. I wish you could see me yawning.
Hackers suck!. Some of you guys seem to praise them. Sneaking in strangers bedroom or stealing food from their kitchen must be considered as good manners in your side of the world.
Well you don't know how it's like to be getting hacked into. 99% of times hackers hack just to annoy the domain owner and to set the prominence in their community. Nobody bothers to check the damages suffered by the victim.
Few of my websites got hacked few days back. Getting them back online was a tiresome job. I researched on the hacker and found he hacks thousands of website everyday without any purpose.
I think the picture should be removed.
They don't have edit button, they never had.
me too, credit card numbers and expiary dates aren't hiddenthis is really stupidREMOVE THE PICTURE NOW
Not to mention the the CVV codes...
I can make out the last four of a card number, card type, lastname, birthdate, cvv, and expiration date of one person here. Please remove the image.
Yup, Tom's needs to remove the picture. There's this cool feature in a little program called Acrobat (and countless other programs) that allows for actual redaction of data if they want to go that route.
I like how they blocked out a portion of the email address and card numbers (poorly i might add) yet their full names and home addresses are posted out in the open. lol
That picture might contain some fake inserted material... like comfystore.com..... I dunno, but they shouldn't have it up either way...
There are very very few hackers out there and this individual is not one of them. "Hacking" has been perverted into something that it never was years and years ago. The rush of gaining access to a system just to prove you could do it is what hacking was all about NOT what is going on now a days. Using software tools and simple techniques (SQL injection anyone) to gain access to a system is not hacking...just a simple script kiddie desperate for attention. These people, Anon for one, aren't doing the public a service they perverted the term hacking into something it never was. Stealing data and posting it online is not hacking. It's people thinking they are big players when in fact they are not. I can teach my 12yo nephew how to do a DDoS attack..lmao.
The fact that my calling Hackers what they are, Criminals resulted in 2 thumbs down.
Intersting, so at least 3 members her thing that what this idiot did is not criminal ?
This in itself shows where part of the problem with Hackers is; there are simply too many people out there who think that Hackers who steal Databases are 'Heroes' or something.
They are not!
And once they break into YOUR computer and publish all that 'very personal stuff' YOU have on there to the world; then we will see who is calling the police bercause a 'crime' has been commited.
It just boggles my mind.
Is it me, or is the screenshot showing those people's blood type (A-, O+, O+)?
Hackers suck!. Some of you guys seem to praise them. Sneaking in strangers bedroom or stealing food from their kitchen must be considered as good manners in your side of the world. Well you don't know how it's like to be getting hacked into. 99% of times hackers hack just to annoy the domain owner and to set the prominence in their community. Nobody bothers to check the damages suffered by the victim.Few of my websites got hacked few days back. Getting them back online was a tiresome job. I researched on the hacker and found he hacks thousands of website everyday without any purpose.
there is such a thing as a grey area, not releasing the info in full is a good thing, releasing enough to verify its true also is, and if he tells how he did it, it can be patched.
getting hacked into and a website is only tiresome if you don't have a plan for when it happens. fix the vulnerabilities and it doesn't happen any more.
Not to mention the the CVV codes...I can make out the last four of a card number, card type, lastname, birthdate, cvv, and expiration date of one person here. Please remove the image.
anyone in the us who gets creditcards stolen and used is not liable for any purchases, and at most its an incontinence, most first world countries base many laws on the us, so most likely they are protected to. having had credit card numbers compromised in the past, i know what im talking about.
I like how they blocked out a portion of the email address and card numbers (poorly i might add) yet their full names and home addresses are posted out in the open. lol
if its for proof that they have the info, than they need to show alot of the info... it gets taken seriously faster this way.
There are very very few hackers out there and this individual is not one of them. "Hacking" has been perverted into something that it never was years and years ago. The rush of gaining access to a system just to prove you could do it is what hacking was all about NOT what is going on now a days. Using software tools and simple techniques (SQL injection anyone) to gain access to a system is not hacking...just a simple script kiddie desperate for attention. These people, Anon for one, aren't doing the public a service they perverted the term hacking into something it never was. Stealing data and posting it online is not hacking. It's people thinking they are big players when in fact they are not. I can teach my 12yo nephew how to do a DDoS attack..lmao.
hacking is about compromising a system.
they did that
some places wont move till you have proof you did it
he provided it
what will most likely happen is a new credit card to everyone on the list that was compromised, and if the card is used, you are not liable.
The fact that my calling Hackers what they are, Criminals resulted in 2 thumbs down.Intersting, so at least 3 members her thing that what this idiot did is not criminal ?This in itself shows where part of the problem with Hackers is; there are simply too many people out there who think that Hackers who steal Databases are 'Heroes' or something.They are not!And once they break into YOUR computer and publish all that 'very personal stuff' YOU have on there to the world; then we will see who is calling the police bercause a 'crime' has been commited.It just boggles my mind.
its a grey area. there are people out there who could really screw your life up with very little infromation... mostly because of social security numbers... hate them because they are used now in ways never intended when they were first issued.
most hackers do this for fun, never go public.
some do it for fun, go public with a how to guide, things get fixed that way.
and it leave less vulnerabilities for the truly malicious to deal with.
i love security measures getting compromised, because it means better ones will be up soon.
but the way you say it, getting into the database is horrible.
i think of it the same way as you just came across a dead body
getting the info, that would be the same as taking a picture,
going any further... well the description i would give would get me a sanction... just realize it would be a real crime.
Last time I checked, revealing private information is criminal. That includes names and home addresses.
Yes Tom's, remove the damn picture. I know best of media gets more money for the hits when people look at this.... But this is VERY poor.taste.
Um... Im not 100% on this but isn't "insert into" an sql query to put data into a database... Not read the data..
A registration form would need inserts, selects and maybe updates. The selects are likely views though, so they would be pretty safe. SQL injection doesn't need selects to work though; it can use any sql.
here's an example (a very simple one that hasn't worked since the first anti-sql injection security came out):
Your php or pearl script grabs the field "username" and stores it in "un". Then it calls the sql statement:
insert into wtvrdatabase (username) values ($un);
If the person filling out the form puts there username as the entire following line:
'wtvrname'); select * from wtvrdatabase;'
this replaces $un and they get access to everything in wtvrdatabase.
it turns into
insert into wtvrdatabase (username) values ('wtvrname'); select * from wtvrdatabase;');
(obviously they would need to send the data somewhere or they would never see the results of the select)
Guys, removing the picture now would be a waste of time. It's already been sent out via RSS feeds and the like. Not to mention it's already posted on other sites.
"Insert into fakenames values"
Well that by itself makes me doubt the legitimacy of the screenshot. :\
Last time I checked, revealing private information is criminal. That includes names and home addresses.
Maybe in fascist Europe but not in the US.
Even in the USA iamking. With your logic I can post your social security number everywhere on the net/public forum without any consequences.
guys it doesn't matter billions of websites have the picture now
guys it doesn't matter billions of websites have the picture now
I used to hold Tom's in a higher standard. However.... I'll throw them in with the rest of the gutter trash that posted this info to begin with.
I'd like to know the person's intentions. If good, they're pushing the limit at what most people will find acceptable for a grey hat (i.e. publicly posting the above screenshot).
Kind of reminds me of how MS thought Win XP had no known vulnerabilities despite repeated warnings from a group that had found a legitimate exploit. MS ignored the warnings and the group released the exploit, which forced a Win XP machine to reboot (because the RPC service was shutdown) whenever it connected to the internet. Ever since then, MS has taken an aggressive stance on patching any holes in their OS's.
If he is stealing blueprint of next gen Intel CPU and send it to AMD to spark up fierce competition/price war between those 2 companies leading to much cheaper CPU. I'll praise him.
Maybe in fascist Europe but not in the US.
Hate to brake your bubble bro' but US is the fascist country these days.
ITT: Posters who don't understand the difference between hacking and cracking.
Calling him a hacker is incorrect.
Calling him a criminal is correct.
Calling him a cracker would be correct.
Oh and I agree strongly with bigdragon. Who cares about emails and credit cards when we could've gotten inside info on Intel's latest fab technologies.