A cybercrime gang claims that it recently stole 450 gigabytes of data from global chipmaker AMD by merely guessing employees’ terrible passwords.
According to a report from Restore Privacy, the e-crime gang RansomHouse claims to have come into possession of a large trove of AMD’s data and has now published some of it to their “leak site.” Such sites are used by extortionist cybercrime gangs to goad data theft victims into paying ransoms for their stolen information. The data seems to include “network files, system information, as well as AMD passwords,” the outlet reports.
It’s not totally clear how the data was stolen, though the gang has insinuated it was because AMD employees had godawful, useless passwords.
“An era of high-end technology, progress and top security… there’s so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion,” RansomHouse wrote on its website, according to TechCrunch. “It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords.”
Indeed, the login credentials revealed in the apparent breach appear to have included such well-known terrible passwords such as “123456″ and “Welcome1,” TechCrunch reports, after viewing some of the data. If that’s the case, then about five minutes of password guessing would have probably helped any cybercriminal worth their salt breach the company’s systems.
When reached for comment by Gizmodo, AMD said that it was “aware of a bad actor claiming to be in possession of stolen data from AMD” and that an “investigation is currently underway.” It’s not totally clear whether the gang has asked for a ransom in return for the information, whether the gang is simply leaking the company’s data for the hell of it, or how much of what the gang is saying is true.
RansomHouse is a relatively new gang that appears to have first popped up towards the tail end of 2021. While it seem to resemble a ransomware gang, it is apparently does not actually develop or use any malware, preferring to simply steal data and extort businesses with reams of hijacked information. The gang previously took credit for hacking targets lesser known in the U.S., such as a large African shopping chain called ShopRite and the Saskatchewan Liquor and Gaming Authority.