Grey Hat hacker "WeedGrower" claimed that he hacked into Intel website and gain access to the Database. He found a vulnerability that allows hackers to compromise the user data.
The first vulnerability that will be disclosed is familiar to the Dell vulnerability that was found earlier this month, the vulnerability isn't critical and it can simply be used as a weapon to spill sensitive information. A smart user will get a target to register on this sub-domain, get the users email, replace it with the email that is already licensed, and get the target's information spilled.
Hacker provide a PoC link so that vendor can understand the the vulnerability.
The vulnerability allows hacker to gain sensitive data from database including name,phone number,Credit Card ,Social Security Number .
"I've got to give some applause to all these pseudo-security technicians out there. I cut Intel a break, I have access to a database and another vulnerability which enables the right to read user data. I'll be gracious here and NOT spill the data, but I will provide screenshots to prove that I have access to Credit Card data and such." Hacker said.
Hacker reported about the vulnerability to vendor but there is no response from other side so he just disclosed one vulnerability and just showed proof of the other one. "If I don't get a response within 24 hours I'll leak it all. " hacker said.