A hacker calling himself r00tbeer, supposedly representing a four-strong hacker group calling itself r00tbeersec, has announced on Twitter a hack of chip vendor and Intel rival AMD.
After bragging just over a day ago that “our next target will be a large company, stay tuned for the upcoming database dump,” the mighty hackers lived up to their promise. Earlier today they leaked a complete SQL database dump totalling nearly thirty-two KB.
(Yes. You read that correctly. It’s just under 32 kilobytes in the new measuring system, and just over 30 kibibytes, as today’s youth – who wouldn’t know a power of two if it chopped them in half – like to call the old units.)
It’s a SQL database of 189 usernames and and what look like PHPass-hashed passwords, apparently retrieved by foul means from AMD’s WordPress-driven blog site.
185 of the usernames are accompanied by email addresses, of which 174 are from AMD and most of the rest from two PR companies, edelman.com and bitecommunications.com. A reminder to the PR guys: if you work on the AMD account and you’ve been using the same password on other sites, stop doing that!
A few of the records also include an intriguing – but unexplained – field called user_activation_key. Whatever those are, it would be a good idea for AMD to deactivate them and issue new ones.
All in all, a small deal in the history of security breaches. More of a hackette than a hack, and no AMD customers need to panic, which is good news.
But every hack is, at its heart, bad news.
If only we were collectively more conscientious about patching against criminals, and if only those criminals were more likely to be caught!
Of course – since, where hacking is concerned, an injury to one is an injury to all – the vast majority of Internet Good Guys amongst us can help make both those things come true.
Here’s some frank talk to tell you why:
(Duration 15’25”, size 11MBytes)