Intel is investigating a security breach that has precipitated 20GB of its internal documents, some marked "confidential" and "restricted secret," being published on file sharing site Mega. The upload was created by Swiss software engineer Tim Kottmann, who let the Twitterverse know about the leaked document cache yesterday evening. Sharing 'accidentally' leaked data from major tech companies is something Kottmann does regularly and he has gained a following for it.
Kottmann followed up his initial Tweet by saying that the documents had been given to him by an anonymous source. The source says he breached Intel security to acquire the documents earlier this year. According to Kottmann, most of the files in the 20GB archive "have NOT been published ANYWHERE before". A snippet showing some of the contents was shared to illustrate the extent of the leak.
Tech site ZDNet dutifully downloaded the archive of files from Mega to ponder over the contents and basically confirmed the file list screenshot I have embedded above is indeed representative of the contents. ZDNet also got some security researchers to check though the document cache. In summary, the documents were judged authentic and contain technical specs, product guides, and manuals for CPUs dating back to 2016. On a positive note for Intel, there didn't seem to be any sensitive customer or employee data exposed.
Since the leak went public Intel has responded with an official statement. As the statement is short, I have reproduced it in full below:
"We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data."
However, the data leak may be being underplayed by Intel, as there are some important files for hackers like firmware blobs that could be used for reverse engineering and so on. Incidentally, Intel presentation slide and roadmap templates being readily available might make it easier for pranksters to create fake leaks and similar mischief.