A hacker using the pseudonyms "Weedgrower" and "X-pOSed" is claiming that he compromised Intel and obtained sensitive data by using a flaw in the subscriber segment of Intel's web site. With access to the Intel.com database, the hacker claims he can retrieve sensitive information like credit card numbers, social security numbers, email addresses, passwords and more.
"I've got to give some applause to all these pseudo-security technicians out there," the hacker states. "I cut Intel a break, I have access to a database and another vulnerability which enables the right to read user data. I'll be gracious here and NOT spill the data, but I will provide screenshots to prove that I have access to Credit Card data and such."
The hacker reportedly plans to reveal the first vulnerability -- and possibly the user information although it's not entirely clear at this point -- if he doesn't hear from Intel.com soon. The Hacker News reports that this first Intel vulnerability is similar to the one found will Dell's website earlier this month which isn't critical but could be used as a tool to leak personal information.
This threat from Weedgrower is taken seriously because of his past experience. Just in 2012 alone, the hacker has infiltrated large commercial sites including AOL, NASA, Hotmail, MySpace, Xbox, USBank, Yahoo and VISA, leaking information from most of these sites. As proof of his recent entry into Intel's database, Weedgrower has provided a screenshot showing an edited list of personal information, as seen below.
So far Intel has not responded to the threat.
