An extortion group known as RansomHouse claims to have more than 450Gb of hacked data from AMD. What's surprising about this latest hack is that the group appears to have acquired this data thanks to AMD using rediculously simple passwords to protect its network from intrusion.
Apparently, at least some of the passwords used were no more complex than 'password.' Yeah, your read that right. It's 2022 and major corporations are still using 'password' for sensitive information. I'm guessing '123456' was one of them, considering some of the startlingly dumb passwords corpos have been caught using recently.
RansomHouse claims that the data was taken back in January 2022 and has provided a data sample as evidence of the hack, which you can view over on Restore Privacy, which originally ran the news. That site has reviewed some of the data, but it isn't clear if the data is genuine or not, so this attack is still officially unverified.
RansomHouse states that it has nothing to do with the breach itself and doesn't produce ransomware or encrypt data, and instead acts as a "professional mediator." It's a fairly new outfit, that appears to have started in December 2021 and lists six companies that it has hacked data from, with AMD being the latest.
It's worth noting that small 'b' after the amount of data stolen as well, as that means gigabits and not gigabytes. 450Gb is just over 56GB of data, assuming that it isn't just a typo in the first place. That isn't a lot, especially for a company as big as AMD, but it obviously depends on what that data pertains to as to how valuable it is.
Best gaming PC: The top pre-built machines from the pros
Best gaming laptop: Perfect notebooks for mobile gaming
AMD reached out to our sister site, Tom's Hardware, to confirm the following, "AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway."
It'll be interesting to see how AMD responds going forward, and ultimately whether it's willing to pay up to protect the data. The company should probably change a few of its passwords either way. Something we should all do, to be honest. Here's a password guide in case you're now sweating in your seat.