AMD blog taken offline amid hacking claims

AMD has taken its blog offline amid claims that it has been hacked.

A hacking group calling themselves r00tbeer claimed responsibility for the attack just before 7am AEST, defacing the website and posting a message to its own Twitter account. AMD has since taken its blog down, replacing it with a message stating that it is undergoing "routine maintenance".

#AMD - R.I.P blogs.amd.com, database will be released in few minutes. #r00tbeersec

— r00tbeer (@r00tbeer_) August 19, 2012

AMD appeared to be using the popular blogging tool WordPress to power its site. Once broken into, the hackers stole and dumped the WordPress user database. No customer details appear to be present in the leaked database, but it did contain the details of 190 internal accounts. These included usernames, email addresses, hashed passwords and, in some cases, full names of AMD employees or public relations staff that had access to the blog. Only one email address appeared to be a personal account.

The leak included data from July 2010, and as recent as 9 August this year.

WordPress updated how it stores passwords in December 2007, moving from unsalted MD5 hashes to using the password hashing framework phpass. This makes retrieving plain text passwords from the leaked hashes much more difficult, but not completely impossible, given enough time and processing power.

ZDNet contacted AMD regarding the attack, but did not receive a response at the time of writing.