Hacker says they were able to download data on all 270,000 Intel employees - from an internal site

News
By published

Flaws spread across multiple Intel sites, creating overlapping system weaknesses

A hacker wearing a hoodie sitting at a computer, his face hidden.
(Image credit: Shutterstock / Who is Danny)
  • Intel staff records leaked through login flaws, exposing sensitive company information
  • A single manipulated portal exposed over 270,000 Intel employee details
  • Hardcoded credentials on internal portals raised serious security concerns

Sensitive information about every Intel employee was reportedly available to anyone able to exploit weaknesses in the firm’s internal sites, an expert has claimed.

Security researcher Eaton Z, who described the flaws in a lengthy blog post, found a business card portal used by Intel staff contained a login system which could be easily manipulated.

By altering how the application verified users, Eaton managed to access data without needing valid credentials.

A data file of enormous scale

What began as a small discovery quickly expanded, as the system exposed far more information than its function required. Once deeper access was achieved, the results became difficult to dismiss.

Eaton described downloading a file approaching one gigabyte in size that contained the personal details of Intel’s 270,000 employees.

These records included names, roles, managers, addresses, and phone numbers. The scale of the leak suggests risks beyond simple embarrassment.

The release of such data into the wrong hands could feed identity theft, phishing schemes, or social engineering attacks.

The situation was not limited to a single vulnerable system, as Eaton reported three other Intel websites could be accessed with similar techniques.

Internal sites such as the “Product Hierarchy” and “Product Onboarding” portals contained hardcoded credentials that were easily decrypted.

Another corporate login page for Intel’s supplier site could also be bypassed.

Together, these weaknesses formed multiple overlapping doors into the company’s internal environment, a troubling picture for a business that frequently emphasizes the importance of digital trust.

Intel was contacted about the issues starting in October 2024, and the company eventually fixed the flaws by late February 2025.

However, Eaton did not receive bug bounty compensation, as Intel’s program excluded these cases through specific conditions.

The only communication from the company was described as an automated response, raising questions about how seriously the disclosures were handled.

Modern-day cybersecurity is complex; organizations may deploy firewall protections and security suites, yet simple oversights in application design can still expose critical systems.

Even after patches are applied, the incident demonstrates that vulnerabilities are not always exotic flaws buried in hardware.

You might also like

TOPICS
Efosa Udinmwen
Efosa Udinmwen
Freelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.