A cybersecurity report published last month revealed the passwords most commonly used by business owners and executives, and topping this list were “123456” and “password.” The prevalence of such remarkably weak passwords among not just ordinary users but high-ranking executives of large corporations would be almost laughable, if not for the fact that we regularly entrust these companies with our personal information. The possibility that the only line of defense against a data breach may be a flimsy, easily guessable password should be cause for concern. Unfortunately, if a notice posted by RansomHouse is to be believed, passwords of this kind allowed hackers to breach the internal networks of AMD and exfiltrate a large data haul.
RansomHouse presents itself as a community of professional mediators intended to help negotiate payment between hackers and affected companies. Despite its name, RansomHouse asserts that it “[has] nothing to do with any breaches and [doesn’t] produce or use any ransomware.” The group’s mission statement says that RansomHouse instead exists to ensure constructive conflict resolution between the parties involved in data breaches and to highlight poor security practices that put customers’ data at risk.
The group posts data breach notices to its dedicated leak site in a manner similar to ransomware gangs, publishing samples of stolen data as evidence of a breach and threatening to release further stolen data if the breached companies don’t pay a ransom. However, RansomHouse maintains that the data posted on its site is submitted by unrelated hackers who wish to cooperate with the affected companies. As can be seen in the image above, RansomHouse has claimed AMD as the victim of a recent data breach.
RansomHouse also moderates a public Telegram channel where the group posts data breach notices along with updates and additional information. Last week, the group posted a riddle prompting readers to guess the name of the next data breach victim, with the answer being AMD. Then, at the beginning of this week, RansomHouse posted to its Telegram channel saying that someone had guessed the correct answer and received early access to the sample of data stolen from AMD. The group posted the data sample to its .onion site the next day.
The data sample contains a long list of usernames paired with weak passwords that RansomHouse blames for the data breach. According to the notice, the hackers responsible for the breach managed to exfiltrate more than 450Gb (56GB) of data, which RansomHouse threatens to publish sometime in the near future unless AMD negotiates a deal with RansomHouse and the hackers.
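The defensive takeaway from a leaked list of this kind is that credentials should be screened against a denylist of known-weak passwords before they are ever accepted. The following Python script is an added example, not code from the article or from any party it describes: it audits a constructed `username:password` dump (made-up entries, not data from the RansomHouse sample) against a small constructed denylist and also catches trivial variants such as case changes, appended digits and “leetspeak” substitutions. The denylist and the sample lines are assumptions for illustration; a real deployment would use a large published list of breached passwords.

```python
import re

# Constructed sample in the style of a leaked credential dump.
# These entries are invented for this example, not taken from any real leak.
SAMPLE_DUMP = """\
jdoe:123456
asmith:password
bwong:Welcome2022!
cbrown:P@ssw0rd
dlee:Xk9#vQ2mL!7r
malformed line without a separator
"""

# Constructed denylist of commonly used passwords (assumption: in production
# this would be a large downloaded list of known-breached passwords).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "welcome", "letmein"}

# Common symbol-for-letter substitutions that users apply to dodge simple checks.
LEET_MAP = str.maketrans({"@": "a", "0": "o", "$": "s", "1": "i", "3": "e", "!": "i"})

# Trailing digits/punctuation users append to a dictionary word ("welcome2022!").
TRAILING_JUNK = re.compile(r"[\d!@#$%^&*]+$")

MIN_LENGTH = 12


def normalize(password):
    """Reduce a password to the dictionary word it is most likely based on."""
    base = password.lower()
    base = TRAILING_JUNK.sub("", base)      # strip appended digits/symbols first
    return base.translate(LEET_MAP)         # then undo leetspeak substitutions


def weakness_reasons(password):
    """Return a list of reasons the password is weak; empty list means no finding."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("exact match in common-password denylist")
    elif normalize(password) in COMMON_PASSWORDS:
        reasons.append("variant of a common password")
    return reasons


def audit(dump):
    """Map each username in a 'user:password' dump to its weakness findings."""
    results = {}
    for line in dump.splitlines():
        if ":" not in line:                 # skip lines that are not credentials
            continue
        user, password = line.split(":", 1)
        results[user] = weakness_reasons(password)
    return results


if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_DUMP).items():
        status = "; ".join(reasons) if reasons else "no finding"
        print("%-8s %s" % (user, status))
```

The order of operations in `normalize` matters: trailing digits and symbols are stripped before the leetspeak map is applied, otherwise a trailing `!` would be turned into a letter and the stripping step would miss it. The same check is cheap enough to run at password-set time, which is where it prevents the kind of credentials shown in the leaked sample from existing in the first place.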
AMD has yet to confirm this data breach, but provided the following statement to RestorePrivacy: “AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.”
Earlier this year, one of AMD’s competitors, NVIDIA, suffered a data breach carried out by the hacking group LAPSUS$. LAPSUS$ claimed to have stolen 1TB of data from NVIDIA but released only a 20GB sample before all the members of the group were arrested a month later. Interestingly, LAPSUS$’ public Telegram channel included posts promoting RansomHouse, which may point to some kind of connection between the two groups. The hacking group FIN8 also mentioned RansomHouse in its ransom notes for the White Rabbit ransomware, which Trend Micro discovered earlier this year.