Particle.news
Download on the App Store
3 ARTICLES
·
last wk.

Researcher Details Intel Web Flaws That Could Have Exposed Data on 270,000 Workers

Intel says the portals were fixed by February with no evidence of unauthorized access.

A broken lock on a PCB.
Intel vulnerabilities

Overview

  • Eaton Zveare reported that an authentication bypass on an Intel India business‑card portal opened access to a global employee directory.
  • By removing an API URL filter, the researcher says he retrieved a nearly 1GB JSON file containing names, emails, phone numbers, roles, and manager details, but not Social Security numbers or salary data.
  • He also found two internal sites with easily decrypted hardcoded credentials and a supplier management portal with an authentication bypass that could expose confidential supplier information.
  • The issues were reported in October 2024 and remediated by late February 2025, after which the researcher publicly released the "Intel Outside" findings in August 2025.
  • Intel states there was no breach or unauthorized access and has since expanded its bug bounty to cover certain cloud and SaaS services with rewards up to $5,000, while the affected internal portals were previously out of scope.