- Author|Sina Technology
- Source|China IDC Circle
- Release time|2021-01-27
According to reports, last week, Intel claimed that the leakage of sensitive financial information on its website was caused by a "hacking attack." Recently, Intel has provided a new explanation on the matter, admitting that the problem stems from a defect in its own publishing process.
Intel's data breach occurred last Thursday. The company plans to announce a particularly strong fourth-quarter financial report after the market closes that day. On that day, Intel's stock price rose steadily during the session. In the last few minutes before the market closed, Intel hurriedly released its earnings report in advance, and the stock price rose sharply afterwards.
The company's chief financial officer George Davis (George Davis) said that Intel took immediate action after discovering that the site was "hacked." The attack resulted in the outflow of infographics containing details of the company's many financial reports. Intel said at the time that it was investigating the matter, but did not disclose that the problem may lie in the company's own processes.
Intel later disclosed that the information was "inadvertently disclosed to the outside world" before it was "accessed by a third party."
Intel stated that its “network has not been attacked, and we have adjusted the release process to prevent the same problem from happening again.”
It is believed that the leaked infographic is "ready" to be released by the company, which includes adding a URL. The infographic is not published on Intel's investor website, which means that there is no link to the information for the time being. However, anyone who guesses the URL can see this chart information. Intel uses very similar URLs to disclose financial information every quarter, which makes it relatively easy for outsiders to guess the URL.
American cybersecurity expert Bruce Schneier said that the leak was due to the company’s own negligence, which made it easy for the outside world to obtain information. Intel’s initial explanation was a "hacking attack," which was an excuse. Not convincing.
Schneier also added that although the court had previously determined that the act of guessing the URL of unpublished information violated the "Computer Fraud and Abuse Act", that is, it is illegal for anyone to "exceed his authority" when accessing a computer system. Schnell compares it to this as if someone first "turned the doorknob" to see if the door was unlocked.
Currently, other companies use tiny and easy-to-guess variables on common URLs. The flaws this time also sounded the alarm for these companies.
