- Intel staff records leaked through login flaws, exposing sensitive company information
- A single manipulated portal exposed over 270,000 Intel employee details
- Hardcoded credentials on internal portals raised serious security concerns
Sensitive information about every Intel employee was reportedly available to anyone able to exploit weaknesses in the firm’s internal sites, an expert has claimed.
Security researcher Eaton Z, who described the flaws in a lengthy blog post, found a business card portal used by Intel staff contained a login system which could be easily manipulated.
By altering how the application verified users, Eaton managed to access data without needing valid credentials.
A data file of enormous scale
What began as a small discovery quickly expanded, as the system exposed far more information than its function required. Once deeper access was achieved, the results became difficult to dismiss.
Eaton described downloading a file approaching one gigabyte in size that contained the personal details of Intel’s 270,000 employees.
These records included names, roles, managers, addresses, and phone numbers. The scale of the leak suggests risks beyond simple embarrassment.
The release of such data into the wrong hands could feed identity theft, phishing schemes, or social engineering attacks.
The situation was not limited to a single vulnerable system, as Eaton reported three other Intel websites could be accessed with similar techniques.
Internal sites such as the “Product Hierarchy” and “Product Onboarding” portals contained hardcoded credentials that were easily decrypted.
Another corporate login page for Intel’s supplier site could also be bypassed.
Together, these weaknesses formed multiple overlapping doors into the company’s internal environment, a troubling picture for a business that frequently emphasizes the importance of digital trust.
Intel was contacted about the issues starting in October 2024, and the company eventually fixed the flaws by late February 2025.
However, Eaton did not receive bug bounty compensation, as Intel’s program excluded these cases through specific conditions.
The only communication from the company was described as an automated response, raising questions about how seriously the disclosures were handled.
Modern-day cybersecurity is complex; organizations may deploy firewall protections and security suites, yet simple oversights in application design can still expose critical systems.
Even after patches are applied, the incident demonstrates that vulnerabilities are not always exotic flaws buried in hardware.
Add Comment