Silicon Valley’s AMD hack due to workers’ awful passwords

The semiconductor giant confirmed the digital break-in a statement to media outlets. “On June 27, we became aware that a cybercriminal organization by the name of RansomHouse claimed to be in possession of data stolen from AMD,” the statement, sent to SFGATE on Thursday morning, reads. “We are investigating the claim and are in contact with law enforcement officials.”

The company did not respond when asked why employees at a multinational manufacturer are not subject to standard password protection rules, like regularly changing passwords or having to include numbers and symbols inside a password.

“It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on — all thanks to these passwords,” a note published by RansomHouse read, according to TechCrunch.

The Silicon Valley microchip manufacturer has long been Intel’s primary rival in the CPU market; it should have had some semblance of password security in place given its stature.

Christofer Hoff, an executive at password manager service LastPass, told SFGATE that breaches such as this one “are easily avoided if even the most basic of hygiene and security rules are followed.”

“Poor password hygiene and a failure to use sound password management policies, processes and enabling technology pose serious threats to businesses that often result in costly data breaches,” Hoff told SFGATE in a statement.

It also appears that more of these breaches are in the pipeline. RansomHouse has gained a reputation for targeting large organizations, leaking data from one of Africa’s largest grocers and a Canadian government agency since late last year.