Security researcher Eaton Zveare uncovered four vulnerabilities across Intel’s internal systems, exposing personal data of over 270,000 employees. The breach began with Intel’s business card ordering site in India, where a single API request returned nearly 1GB of employee details due to weak client-side authentication.
Zveare also accessed Intel’s Hierarchy Management site using a hardcoded, easily decrypted admin password. Another system, the Product Onboarding site, leaked plain-text API credentials in its JavaScript files. Lastly, Intel’s SEIMS platform allowed full access to supplier documents and employee data after minor code tweaks.
Despite responsibly reporting the flaws, Zveare received only one automated thank-you email. Intel resolved the issues after 90 days, and the researcher published his findings months later. He criticized the lack of recognition for web-based vulnerabilities, though Intel has since expanded its bug bounty program to include service-related flaws.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
