当前位置:网站首页>Because the employee set the password to "123456", amd stolen 450gb data?
Because the employee set the password to "123456", amd stolen 450gb data?
2022-07-07 14:29:00 【CSDN information】
Arrangement | Zheng Liyuan
Produce | CSDN(ID:CSDNnews)
Reality tells us , In many cases, life will be far more outrageous than the joke : Because the employee set the password to “123456”, The company leaked 450Gb data —— This sounds very “ Bizarre ” Things about , It actually happened to the chip giant AMD The body of .
Last week, , A group called RansomHouse The blackmail organization claims , From AMD Stole 450Gb data , And everything “ Thanks to AMD Weak password set by employees ”.
One 、 No “ Blackmail software organizations ”, It is “ Professional mediator ”
RansomHouse As early as 2021 year 12 The month began to be active , At that time, it leaked the alcohol and gambling administration of Saskatchewan, Canada (SLGA) The data of , thus “ An instant hit ”.
Compared with other cyber criminal organizations ,RansomHouse There are some “ special ”. It doesn't think of itself as a “ Blackmail software organizations ”, Instead, define yourself as “ Professional mediator ”, It also said that it had never produced blackmail software or encrypted data :
We have nothing to do with any violations , Nor does it produce or use any blackmail software . Our main goal is to minimize possible damage to interested parties .RansomHouse Members prefer common sense 、 Good conflict management and wise negotiation , In an effort to fulfill the obligations of all parties , Instead of an unproductive argument . These are all to promote friendly agreements 、 Even the necessary and sufficient principles necessary for fruitful friendly cooperation .
Despite this self introduction, no matter how “ Fresh and refined ”,RansomHouse The behavior of invading companies to steal data is still one after another : Forefoot just claimed that from Africa's largest retailer Shoprite To obtain the 600 GB data , The hind foot is still in the mood to disclose the next invaded company , stay Telegram Post riddles on :
We have prepared a new surprise ! First , Here is a little puzzle for you : The first person to unlock it will get relevant links . that , Please say the name of this company :
1) Almost everyone knows
2) Name by 3 Letter composition
3) The first letter is A
Just write your guess on this channel , Then you can get a link in your private email .
Then a week later ,RansomHouse Published the answer :AMD, And added “ You will be amazed at how they protect their security ”.
Two 、“ All thanks to these passwords ”
According to the RansomHouse Express , As early as 2022 year 1 It has successfully invaded in August AMD The internal network of , Stole “ exceed 450 Gb” The data of . So ,RansomHouse A data sample was also released as evidence , This includes network files 、 System information and weak password documents :
RansomHouse Write... On its website :“ This is a high-tech 、 An era of progress and high security , This sentence is of great significance to people . But when like AMD Such technology giants use simple passwords , If used ‘password’ To protect its network from intrusion , This sentence seems to remain only on the surface of beauty . It's a pity , This is it. AMD The real password used by employees , Yes AMD It's even more humiliating for the security department , Because of the documents we stole , They also received a large amount of construction funds —— All this is due to these weak passwords .”
Originally thought RansomHouse The statement of is just “ Exaggerate ”, But according to TechCrunch The analysis results of its public data samples show that ,RansomHouse It's not a joke : part AMD The password used by employees is indeed too simple , Such as “password”、“123456” and “Welcome1” wait —— For hackers , intrusion AMD The internal system is as easy as a palm .
But this is also more confusing :AMD Such a big chip giant , There is no security check on its system to ensure that employees use strong passwords ? Or say , Get into AMD No other steps are required for the internal system , Just need a password ?
“AMD And any high-tech company should require multi factor authentication against phishing for all logins . If you can't use MFA, It also requires a strong and unique password .” One from the safety awareness training platform KnowBe4 Expert Roger Grimes Express :“ Ironically ,AMD Employees are still using things like ’password’ Such a password to access critical Networks , This is really incomprehensible .”
3、 ... and 、AMD: An investigation is under way
stay RansomHouse Declare “ The mystery ” That day ,AMD In response :“AMD Know that some lawbreakers claim to have from AMD Stolen data , An investigation is under way .” But about whether the ransom is required 、 Which systems have become targets 、 Whether customer data is accessed 、 Whether password security measures are set ,AMD All refuse to answer .
take the reverse into consideration RansomHouse The home page “ The victim ” list , add AMD Then there are six , The last two are Shoprite and AMD:
Besides , from RansomHouse From the description of this list , The main purpose of stealing data is for money :“ These companies either believe that their economic interests outweigh the interests of entrusting data to others , Or choose to hide the fact that their data has been leaked .”
But according to BleepingComputer reports ,RansomHouse No direct contact AMD Asking for ransom , Instead, they intend to sell data to other entities or their competitors , Because it will “ More valuable ”.
Last , You are right about AMD What's your opinion on the event of data disclosure caused by employees' weak passwords ?
Reference link :
https://restoreprivacy.com/ransomhouse-group-amd-advanced-micro-devices/
https://www.bleepingcomputer.com/news/security/amd-investigates-ransomhouse-hack-claims-theft-of-450gb-data/
https://techcrunch.com/2022/06/28/amd-extortion-ransomhouse/
边栏推荐
- Is the spare money in your hand better to fry stocks or buy financial products?
- 内部排序——插入排序
- Environment configuration
- ARM Cortex-A9,MCIMX6U7CVM08AD 处理器应用
- Introduction to sakt method
- 小米的芯片自研之路
- 关于后台动态模板添加内容的总结 Builder使用
- Navigation — 这么好用的导航框架你确定不来看看?
- 半小时『直播连麦搭建』动手实战,大学生技术岗位简历加分项get!
- Similarities and differences between switches and routers
猜你喜欢
Ian Goodfellow, the inventor of Gan, officially joined deepmind as research scientist
UML state diagram
Use case diagram
Data flow diagram, data dictionary
UML 状态图
Introduction to sakt method
最长上升子序列模型 AcWing 1012. 友好城市
Pert diagram (engineering network diagram)
Leetcode one question per day (636. exclusive time of functions)
leetcode:648. 单词替换【字典树板子 + 寻找若干前缀中的最短符合前缀】
随机推荐
Navigation — 这么好用的导航框架你确定不来看看?
一个程序员的水平能差到什么程度?尼玛,都是人才呀...
WPF DataGrid realizes the UI interface to respond to a data change in a single line
IP address home location query
Csma/cd carrier monitoring multipoint access / collision detection protocol
Mlgo: Google AI releases industrial compiler optimized machine learning framework
Introduction to sakt method
GVIM [III] [u vimrc configuration]
Excuse me, as shown in the figure, the python cloud function prompt uses the pymysql module. What's the matter?
Decrypt the three dimensional design of the game
c#通过frame 和 page 切换页面
半小时『直播连麦搭建』动手实战,大学生技术岗位简历加分项get!
Bashrc and profile
LeetCode每日一题(636. Exclusive Time of Functions)
全球首款 RISC-V 笔记本电脑开启预售,专为元宇宙而生!
云上“视界” 创新无限 | 2022阿里云直播峰会正式上线
UML state diagram
JS get the current time, month, day, year, and the uniapp location applet opens the map to select the location
OAuth 2.0 + JWT protect API security
Environment configuration