AMD has confirmed that it is investigating a potential data breach by RansomHouse, a new data cybercrime operation that claims to have stolen 450 GB of data from the company. A portion of the stolen data seen by TechCrunch suggests that RansomHouse did successfully breach AMD’s security, and some of it indicates that red team employees have been using extremely weak passwords, including “password,” “123456,” and “Welcome1.” It’s unclear whether RansomHouse has sent any ransom demands yet, but the group claims that it isn’t a “ransomware” group, describing itself instead as a “professional mediators community” that doesn’t produce ransomware and is more about minimizing “the damage that might be sustained by related parties.” RansomHouse’s previous targets include Shoprite, Africa’s largest retailer.
“An era of high-end technology, progress and top security… there’s so much in these words for the crowds,” a message on RansomHouse’s data leak site reads. “But it seems those are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion. It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords.”
An AMD spokesperson told TechCrunch that the company “is aware of a bad actor claiming to be in possession of stolen data,” adding that “an investigation is currently underway.”
RansomHouse, which earlier this month claimed responsibility for a cyberattack on Shoprite, Africa’s largest retailer, claims to have breached AMD on January 5 to steal 450 GB of data. The group says it targets companies with weak security, and claimed it was able to compromise AMD due to the use of weak passwords throughout the organization.