Intel has reported a data breach after company’s confidential documents made it to the internet. The company has said that it has opened an investigation into the data breach that allowed hackers to get away with 20 GB worth of internal documents marked “confidential” or “restricted secret”.
The data dump was published on online file sharing website MEGA by Till Kottmann, a Swiss software engineer who received it from an anonymous hacker. He noted that the data dump is a part of a a multi-part series of Intel-related leaks. ZDNet was able to verify the authenticity of the claims with unnamed security researchers who are familiar with Intel CPUs. Below is a summary of the leaked files, as provided by Kottmann:
– Intel ME Bringup guides + (flash) tooling + samples for various platforms
– Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
– Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
– Silicon / FSP source code packages for various platforms
– Various Intel Development and Debugging Tools
– Simics Simulation for Rocket Lake S and potentially other platforms
– Various roadmaps and other documents
– Binaries for Camera drivers Intel made for SpaceX
– Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
– (very horrible) Kabylake FDK training videos
– Intel Trace Hub + decoder files for various Intel ME versions
– Elkhart Lake Silicon Reference and Platform Sample Code
– Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
– Debug BIOS/TXE builds for various Platforms
– Bootguard SDK (encrypted zip)
– Intel Snowridge / Snowfish Process Simulator ADK
– Various schematics
– Intel Marketing Material Templates (InDesign)
Fortunately, private customer data has not leaked online but the hacker told the Swiss software engineer that this is just part one of a larger data dump indicating that the hacker has access to files that were not leaked today.
We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.