Intel hit by massive 20GB data breach involving confidential data

Posted on Friday, August 07 2020 @ 11:04 CEST by Thomas De Maesschalck
Intel logo
It's a bad day for Intel as the chip giant is the victim of a massive data breach dubbed "exconfidential Lake". Described as a first 20GB release in a series of large Intel leaks, most of the data has reportedly never been published before. It includes documents and files classified as confidential, under NDA, or Intel Restricted Secret.

Swiss IT consultant Till Kottmann received the files via an anonymous source. Here is an overview of what the leak entails:
  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • (very horrible) Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)
  • Lots of other things


  • Intel is investigating the matter and believes the data was retrieved from a server that hosts data for use by Intel's customers, partners, and other external parties:
    “We are investigating this situation,” company officials said in a statement. “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
    ARS Technica writes the original source reportedly found the data on an improperly secured server hosted by Akami CDN after scanning the Internet with the Nmap security scanner:
    source: They have a server hosted online by Akami CDN that wasn't properly secure. After an internet wide nmap scan I found my target port open and went through a list of 370 possible servers based on details that nmap provided with an NSE script.

    source: I used a python script I made to probe different aspects of the server including username defaults and unsecure file/folder access.

    source: The folders were just lying open if you could guess the name of one. Then when you were in the folder you could go back to root and just click into the other folders that you didn't know the name of.

    deletescape: holy shit that's incredibly funny

    source: Best of all, due to another misconfiguration, I could masqurade as any of their employees or make my own user.

    deletescape: LOL

    source: Another funny thing is that on the zip files you may find password protected. Most of them use the password Intel123 or a lowercase intel123

    source: Security at it's finest.
    At the moment, it doesn't seem like something very significant has been found yet in this first batch of data. It's all data that gets shared with Intel partners, so it doesn't contain critical Intel data like CPU design materials.


    About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



    Loading Comments