Hacker Says He Compromised Intel, Gained Private Info
A hacker using the alias Weedgrower claims to have breached Intel.com and acquired names, credit card numbers and more.
A hacker using the pseudonyms "Weedgrower" and "X-pOSed" is claiming that he compromised Intel and obtained sensitive data by using a flaw in the subscriber segment of Intel's web site. With access to the Intel.com database, the hacker claims he can retrieve sensitive information like credit card numbers, social security numbers, email addresses, passwords and more.
"I've got to give some applause to all these pseudo-security technicians out there," the hacker states. "I cut Intel a break, I have access to a database and another vulnerability which enables the right to read user data. I'll be gracious here and NOT spill the data, but I will provide screenshots to prove that I have access to Credit Card data and such."
The hacker reportedly plans to reveal the first vulnerability -- and possibly the user information although it's not entirely clear at this point -- if he doesn't hear from Intel.com soon. The Hacker News reports that this first Intel vulnerability is similar to the one found will Dell's website earlier this month which isn't critical but could be used as a tool to leak personal information.
This threat from Weedgrower is taken seriously because of his past experience. Just in 2012 alone, the hacker has infiltrated large commercial sites including AOL, NASA, Hotmail, MySpace, Xbox, USBank, Yahoo and VISA, leaking information from most of these sites. As proof of his recent entry into Intel's database, Weedgrower has provided a screenshot showing an edited list of personal information, as seen below.
So far Intel has not responded to the threat.

There is an ERROR in the title !
Corrected:
"A Criminal Says He Compromised Intel, Gained Private Info"
me too, credit card numbers and expiary dates aren't hidden
this is really stupid
REMOVE THE PICTURE NOW
Well you don't know how it's like to be getting hacked into. 99% of times hackers hack just to annoy the domain owner and to set the prominence in their community. Nobody bothers to check the damages suffered by the victim.
Few of my websites got hacked few days back. Getting them back online was a tiresome job. I researched on the hacker and found he hacks thousands of website everyday without any purpose.
They don't have edit button, they never had.
Not to mention the the CVV codes...
I can make out the last four of a card number, card type, lastname, birthdate, cvv, and expiration date of one person here. Please remove the image.
Intersting, so at least 3 members her thing that what this idiot did is not criminal ?
This in itself shows where part of the problem with Hackers is; there are simply too many people out there who think that Hackers who steal Databases are 'Heroes' or something.
They are not!
And once they break into YOUR computer and publish all that 'very personal stuff' YOU have on there to the world; then we will see who is calling the police bercause a 'crime' has been commited.
It just boggles my mind.
there is such a thing as a grey area, not releasing the info in full is a good thing, releasing enough to verify its true also is, and if he tells how he did it, it can be patched.
getting hacked into and a website is only tiresome if you don't have a plan for when it happens. fix the vulnerabilities and it doesn't happen any more.
anyone in the us who gets creditcards stolen and used is not liable for any purchases, and at most its an incontinence, most first world countries base many laws on the us, so most likely they are protected to. having had credit card numbers compromised in the past, i know what im talking about.
if its for proof that they have the info, than they need to show alot of the info... it gets taken seriously faster this way.
hacking is about compromising a system.
they did that
some places wont move till you have proof you did it
he provided it
what will most likely happen is a new credit card to everyone on the list that was compromised, and if the card is used, you are not liable.
its a grey area. there are people out there who could really screw your life up with very little infromation... mostly because of social security numbers... hate them because they are used now in ways never intended when they were first issued.
most hackers do this for fun, never go public.
some do it for fun, go public with a how to guide, things get fixed that way.
and it leave less vulnerabilities for the truly malicious to deal with.
i love security measures getting compromised, because it means better ones will be up soon.
but the way you say it, getting into the database is horrible.
i think of it the same way as you just came across a dead body
getting the info, that would be the same as taking a picture,
going any further... well the description i would give would get me a sanction... just realize it would be a real crime.
A registration form would need inserts, selects and maybe updates. The selects are likely views though, so they would be pretty safe. SQL injection doesn't need selects to work though; it can use any sql.
here's an example (a very simple one that hasn't worked since the first anti-sql injection security came out):
Your php or pearl script grabs the field "username" and stores it in "un". Then it calls the sql statement:
insert into wtvrdatabase (username) values ($un);
If the person filling out the form puts there username as the entire following line:
'wtvrname'); select * from wtvrdatabase;'
this replaces $un and they get access to everything in wtvrdatabase.
it turns into
insert into wtvrdatabase (username) values ('wtvrname'); select * from wtvrdatabase;');
(obviously they would need to send the data somewhere or they would never see the results of the select)