- Intel personnel files have disclosed by connection defects, exposing sensitive information from the company
- A single portal manipulated exposed more than 270,000 details of Intel employees
- References coded in hard on internal gates have raised serious safety problems
Sensitive information on each Intel employee would have been accessible to anyone able to operate the weaknesses of the internal sites of the company, said an expert.
The security researcher Eaton Z, who described the faults in a long blog article, found a business card portal used by Intel staff contained a connection system that could be easily manipulated.
By modifying the way the application checked the users, Eaton has managed to access data without the need for valid identification.
A huge scale data file
What started as a small discovery quickly developed because the system has exposed much more information than its function required it. Once the deeper access has been reached, the results have become difficult to reject.
Eaton described the download of a file approaching a size gigabyte which contained the personal details of the 270,000 Employees of Intel.
These recordings included names, roles, managers, addresses and telephone numbers. The leak scale suggests risks beyond simple embarrassment.
The release of such data in bad hands could fuel identity theft, phishing patterns or social engineering attacks.
The situation was not limited to a single vulnerable system, because Eaton reported that three other Intel websites were accessible with similar techniques.
Internal sites such as the portals “Hierarchy of products” and “Inbarnage” contained references coded in hard which were easily deciphered.
Another business connection page for the Intel supplier’s site could also be bypassed.
Together, these weaknesses have formed multiple doors that overlap in the internal environment of the company, a disturbing image for a company that frequently highlights the importance of digital confidence.
Intel was contacted about the problems starting in October 2024, and the company finally corrected faults at the end of February 2025.
However, Eaton did not receive compensation for bug bonuses, as the Intel program excluded these cases under specific conditions.
The only communication of the company was described as an automated answer, raising questions about how disclosure has been managed seriously.
Modern cybersecurity is complex; Organizations can deploy firewall protections and safety suites, but simple supervisors in the design of applications can always expose critical systems.
Even after the application of patches, the incident demonstrates that vulnerabilities are not always exotic defects buried in equipment.
