Sign in with
Sign up | Sign in

Hacker Says He Compromised Intel, Gained Private Info

By - Source: The Hacker News | B 37 comments

A hacker using the alias Weedgrower claims to have breached Intel.com and acquired names, credit card numbers and more.

A hacker using the pseudonyms "Weedgrower" and "X-pOSed" is claiming that he compromised Intel and obtained sensitive data by using a flaw in the subscriber segment of Intel's web site. With access to the Intel.com database, the hacker claims he can retrieve sensitive information like credit card numbers, social security numbers, email addresses, passwords and more.

"I've got to give some applause to all these pseudo-security technicians out there," the hacker states. "I cut Intel a break, I have access to a database and another vulnerability which enables the right to read user data. I'll be gracious here and NOT spill the data, but I will provide screenshots to prove that I have access to Credit Card data and such."

The hacker reportedly plans to reveal the first vulnerability -- and possibly the user information although it's not entirely clear at this point -- if he doesn't hear from Intel.com soon. The Hacker News reports that this first Intel vulnerability is similar to the one found will Dell's website earlier this month which isn't critical but could be used as a tool to leak personal information.

This threat from Weedgrower is taken seriously because of his past experience. Just in 2012 alone, the hacker has infiltrated large commercial sites including AOL, NASA, Hotmail, MySpace, Xbox, USBank, Yahoo and VISA, leaking information from most of these sites. As proof of his recent entry into Intel's database, Weedgrower has provided a screenshot showing an edited list of personal information, as seen below.

So far Intel has not responded to the threat.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 22 Hide
    ringzero , February 10, 2012 5:50 PM
    Am I the only one who thinks he (and Toms) hasn't blocked out enough info in that example?
Other Comments
  • 7 Hide
    Anonymous , February 10, 2012 5:17 PM
    Um... Im not 100% on this but isn't "insert into" an sql query to put data into a database... Not read the data..
  • 6 Hide
    john412smith , February 10, 2012 5:21 PM
    Seems he was importing the data from their database into a dummy one of his own.
  • Display all 37 comments.
  • -3 Hide
    freggo , February 10, 2012 5:44 PM
    "Hacker Says He Compromised Intel, Gained Private Info"

    There is an ERROR in the title !

    Corrected:
    "A Criminal Says He Compromised Intel, Gained Private Info"

  • 22 Hide
    ringzero , February 10, 2012 5:50 PM
    Am I the only one who thinks he (and Toms) hasn't blocked out enough info in that example?
  • 8 Hide
    jaber2 , February 10, 2012 5:53 PM
    Don't hack me bro.
  • 0 Hide
    madooo12 , February 10, 2012 6:15 PM
    ringzeroAm I the only one who thinks he (and Toms) hasn't blocked out enough info in that example?

    me too, credit card numbers and expiary dates aren't hidden

    this is really stupid

    REMOVE THE PICTURE NOW
  • 6 Hide
    rocknrollz , February 10, 2012 6:21 PM
    I think the picture should be removed.
  • 5 Hide
    bigdragon , February 10, 2012 6:26 PM
    I'm more interested in when the Core i7 3930k and 3820 will start appearing in stores where you can actually buy them. I really don't like this rumored delay to March 1st. Too many delays! I'd also like to know more about exactly when Intel wants to release Ivy Bridge. When can I buy a Core i7 3770k? Credit cards, emails, and other stuff out of an Intel database is about the least interesting thing that company stores. I wish you could see me yawning.
  • 0 Hide
    lockhrt999 , February 10, 2012 6:47 PM
    Hackers suck!. Some of you guys seem to praise them. Sneaking in strangers bedroom or stealing food from their kitchen must be considered as good manners in your side of the world.

    Well you don't know how it's like to be getting hacked into. 99% of times hackers hack just to annoy the domain owner and to set the prominence in their community. Nobody bothers to check the damages suffered by the victim.

    Few of my websites got hacked few days back. Getting them back online was a tiresome job. I researched on the hacker and found he hacks thousands of website everyday without any purpose.
  • -4 Hide
    lockhrt999 , February 10, 2012 6:50 PM
    RockNRollzI think the picture should be removed.


    They don't have edit button, they never had.
  • 5 Hide
    datawrecker , February 10, 2012 7:06 PM
    madooo12me too, credit card numbers and expiary dates aren't hiddenthis is really stupidREMOVE THE PICTURE NOW


    Not to mention the the CVV codes...

    I can make out the last four of a card number, card type, lastname, birthdate, cvv, and expiration date of one person here. Please remove the image.
  • -2 Hide
    bourgeoisdude , February 10, 2012 7:14 PM
    Yup, Tom's needs to remove the picture. There's this cool feature in a little program called Acrobat (and countless other programs) that allows for actual redaction of data if they want to go that route.
  • 3 Hide
    CDdude55 , February 10, 2012 7:32 PM
    I like how they blocked out a portion of the email address and card numbers (poorly i might add) yet their full names and home addresses are posted out in the open. lol
  • 3 Hide
    zloginet , February 10, 2012 7:38 PM
    That picture might contain some fake inserted material... like comfystore.com..... I dunno, but they shouldn't have it up either way...
  • 0 Hide
    freggo , February 10, 2012 8:13 PM
    The fact that my calling Hackers what they are, Criminals resulted in 2 thumbs down.
    Intersting, so at least 3 members her thing that what this idiot did is not criminal ?

    This in itself shows where part of the problem with Hackers is; there are simply too many people out there who think that Hackers who steal Databases are 'Heroes' or something.
    They are not!
    And once they break into YOUR computer and publish all that 'very personal stuff' YOU have on there to the world; then we will see who is calling the police bercause a 'crime' has been commited.

    It just boggles my mind.

  • 0 Hide
    Gorethox , February 10, 2012 8:24 PM
    Is it me, or is the screenshot showing those people's blood type (A-, O+, O+)?
  • 4 Hide
    alidan , February 10, 2012 9:00 PM
    lockhrt999Hackers suck!. Some of you guys seem to praise them. Sneaking in strangers bedroom or stealing food from their kitchen must be considered as good manners in your side of the world. Well you don't know how it's like to be getting hacked into. 99% of times hackers hack just to annoy the domain owner and to set the prominence in their community. Nobody bothers to check the damages suffered by the victim.Few of my websites got hacked few days back. Getting them back online was a tiresome job. I researched on the hacker and found he hacks thousands of website everyday without any purpose.


    there is such a thing as a grey area, not releasing the info in full is a good thing, releasing enough to verify its true also is, and if he tells how he did it, it can be patched.

    getting hacked into and a website is only tiresome if you don't have a plan for when it happens. fix the vulnerabilities and it doesn't happen any more.

    datawreckerNot to mention the the CVV codes...I can make out the last four of a card number, card type, lastname, birthdate, cvv, and expiration date of one person here. Please remove the image.


    anyone in the us who gets creditcards stolen and used is not liable for any purchases, and at most its an incontinence, most first world countries base many laws on the us, so most likely they are protected to. having had credit card numbers compromised in the past, i know what im talking about.

    CDdude55I like how they blocked out a portion of the email address and card numbers (poorly i might add) yet their full names and home addresses are posted out in the open. lol


    if its for proof that they have the info, than they need to show alot of the info... it gets taken seriously faster this way.

    otacon72There are very very few hackers out there and this individual is not one of them. "Hacking" has been perverted into something that it never was years and years ago. The rush of gaining access to a system just to prove you could do it is what hacking was all about NOT what is going on now a days. Using software tools and simple techniques (SQL injection anyone) to gain access to a system is not hacking...just a simple script kiddie desperate for attention. These people, Anon for one, aren't doing the public a service they perverted the term hacking into something it never was. Stealing data and posting it online is not hacking. It's people thinking they are big players when in fact they are not. I can teach my 12yo nephew how to do a DDoS attack..lmao.


    hacking is about compromising a system.
    they did that
    some places wont move till you have proof you did it
    he provided it

    what will most likely happen is a new credit card to everyone on the list that was compromised, and if the card is used, you are not liable.

    freggoThe fact that my calling Hackers what they are, Criminals resulted in 2 thumbs down.Intersting, so at least 3 members her thing that what this idiot did is not criminal ?This in itself shows where part of the problem with Hackers is; there are simply too many people out there who think that Hackers who steal Databases are 'Heroes' or something.They are not!And once they break into YOUR computer and publish all that 'very personal stuff' YOU have on there to the world; then we will see who is calling the police bercause a 'crime' has been commited.It just boggles my mind.


    its a grey area. there are people out there who could really screw your life up with very little infromation... mostly because of social security numbers... hate them because they are used now in ways never intended when they were first issued.

    most hackers do this for fun, never go public.
    some do it for fun, go public with a how to guide, things get fixed that way.
    and it leave less vulnerabilities for the truly malicious to deal with.

    i love security measures getting compromised, because it means better ones will be up soon.

    but the way you say it, getting into the database is horrible.
    i think of it the same way as you just came across a dead body

    getting the info, that would be the same as taking a picture,

    going any further... well the description i would give would get me a sanction... just realize it would be a real crime.
  • 0 Hide
    A Bad Day , February 10, 2012 9:38 PM
    Last time I checked, revealing private information is criminal. That includes names and home addresses.
  • 3 Hide
    Saxie81 , February 10, 2012 9:40 PM
    Yes Tom's, remove the damn picture. I know best of media gets more money for the hits when people look at this.... But this is VERY poor.taste.
  • 1 Hide
    slicedtoad , February 10, 2012 9:57 PM
    netwired@gmxcomUm... Im not 100% on this but isn't "insert into" an sql query to put data into a database... Not read the data..

    A registration form would need inserts, selects and maybe updates. The selects are likely views though, so they would be pretty safe. SQL injection doesn't need selects to work though; it can use any sql.

    here's an example (a very simple one that hasn't worked since the first anti-sql injection security came out):
    Your php or pearl script grabs the field "username" and stores it in "un". Then it calls the sql statement:
    insert into wtvrdatabase (username) values ($un);

    If the person filling out the form puts there username as the entire following line:
    'wtvrname'); select * from wtvrdatabase;'
    this replaces $un and they get access to everything in wtvrdatabase.
    it turns into
    insert into wtvrdatabase (username) values ('wtvrname'); select * from wtvrdatabase;');
    (obviously they would need to send the data somewhere or they would never see the results of the select)
Display more comments