- Intel -staff register through login errors and postpone sensitive business information
- A single manipulated portal exposed over 270,000 Intel -Employee Information
- Hardcoded credentials of internal portals raised serious security concerns
Sensitive information about any Intel employee was reportedly available to anyone who was able to exploit weaknesses in the company’s internal places, an expert has claimed.
Security researcher Eaton Z, who described the deficiencies in a long -term blog post, found a business card portal used by Intel staff, contained a login system that could be easily manipulated.
By changing how the application confirmed users, Eaton managed to access data without needing valid credentials.
A data file on a huge scale
What began as a little discovery expanded rapidly as the system exposed far more information than its function required. Once deeper access was obtained, the results became difficult to reject.
Eaton described downloading a file approaching a gigabyte in size containing the personal details of Intel’s 270,000 employees.
These items included names, roles, managers, addresses and phone numbers. The extent of the leak suggests risks beyond simple embarrassment.
The release of such data in the wrong hands could feed identity theft, phishing schemes or social technical attacks.
The situation was not limited to a single vulnerable system when Eaton reported that two other Intel sites could be obtained with similar techniques.
Internal places like “Product Hierarchy” and “Product Onboarding” portals contained hard -coded credentials that were easily decrypted.
Another company’s login page for Intel’s supplier website could also be bypassed.
Together, these weaknesses formed several overlapping doors to the company’s internal environment, a troubled image for a company that often emphasizes the importance of digital trust.
Intel was contacted about the questions that started in October 2024, and the company eventually got the shortcomings at the end of February 2025.
However, Eaton did not receive Bug -Bounty Compensation as Intel’s program excluded these cases through specific matters.
The only communication from the company was described as an automated answer and raised questions about how serious the disclosures were handled.
Modern cyber security is complex; Organizations can implement firewall protection and security suites, yet simple overviews in application design can still postpone critical systems.
Even after patches have been used, the incident shows that vulnerabilities are not always exotic deficiencies buried in hardware.
