Intel Websites Compromised, Allowing Hackers Access to Employee and Confidential Data

A series of critical security flaws in Intel’s internal web infrastructure exposed the personal details of more than 270,000 employees and potentially provided attackers with access to sensitive corporate and supplier information.

The discoveries highlight severe weaknesses across multiple Intel-owned websites, raising broader concerns about the company’s handling of web application security.

According to security research findings that surfaced this week, four separate internal Intel systems were exploitable, offering multiple paths to exfiltrate the full global employee directory and, in some cases, to escalate into full administrative access.

• Business Card Ordering Website: A corporate portal maintained by Intel India Operations contained a login bypass that allowed attackers to sidestep Microsoft Azure authentication. By manipulating the application, researchers were able to pull API tokens anonymously and ultimately download a nearly 1 GB JSON file containing the details of every Intel worker worldwide.
• Hierarchy Management Portal: Another site used ...