{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"270,000 Intel Employee Records at Risk from Authentication Bypass and Hardcoded Credentials","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/ed16318f\"></iframe>","width":"100%","height":180,"duration":2188,"description":"In late 2024, Intel faced a major cybersecurity wake-up call when security researcher Eaton Zveare uncovered a series of vulnerabilities inside the company’s internal systems—flaws that exposed employee and supplier data at unprecedented scale. These vulnerabilities, later confirmed and patched by Intel, included authentication bypasses in web applications and the use of hardcoded credentials, some as simple as admin/admin123, across critical platforms.Through these exploits, Zveare demonstrated that it was possible to access sensitive employee information—names, emails, phone numbers, and roles—impacting more than 270,000 Intel workers worldwide, along with potentially confidential supplier details and contracts. While Intel emphasized that no Social Security numbers or highly sensitive data were exposed, the findings underscored the risks of insecure development practices and weak internal controls.One of the most concerning aspects was the use of hardcoded credentials, a long-criticized practice in software development. Embedding usernames and passwords directly in code creates persistent backdoors that attackers can easily exploit. Combined with authentication bypass flaws, the vulnerabilities amounted to a significant security lapse for one of the world’s largest semiconductor companies.Intel acted quickly once notified, patching the vulnerabilities and stating that there was no evidence of a breach or malicious exploitation. Still, the incident raised uncomfortable questions about how such flaws made it into production systems in the first place. Compounding the issue, Zveare’s findings initially fell outside the scope of Intel’s bug bounty program, meaning the researcher was not eligible for a reward despite uncovering critical risks. In response, Intel has since expanded its bug bounty program to include cloud services and SaaS platforms, signaling a stronger commitment to rewarding security researchers and preventing blind spots.The broader implications...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}