Magnet link to leaked Intel database reveals ~90GB content

CloudSEK researchers discover a magnet link to an archive that contains Intel's internal data, including release notes, NDA agreements, etc.
Updated on
April 19, 2023
Published on
August 14, 2020
Subscribe to the latest industry news, threats and resources.
CloudSEK has discovered a data leak that contains the internal data of Intel. The database includes schematics of various processor lines, release notes, NDA agreements and licenses, and internal debugging tools and binaries.   

Discovery of the leak

CloudSEK researchers discovered a magnet link to the archive which was announced on Twitter by user Tillie Kottman (@deletescape). This account has then been suspended, following the incident. The size of the database as mentioned in the tweet is “20+ GB.” However, the actual size of the records is ~90GB.   

The contents of the leak

The sample records contain: 
  • Kabylake BIOS reference code and sample code, initialization code 
  • Intel Consumer Electronics Firmware Development Kit sources
  • Silicon/ FSP source code packages for various platforms
  • Various Intel development and debugging tools
  • Simics simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Intel’s binaries for SpaceX camera drivers
  • Schematics, documents, tools, and firmware data related to the unreleased Tiger Lake platform
  • Kabylake FDK training videos
  • Intel Trace Hub and decoder files for various Intel ME versions
  • Sample code for Elkhart Lake Silicon Reference and Platform 
  • Debug BIOS/TXE builds for various platforms
  • Bootguard SDK 
  • Intel Snowridge/ Snowfish process simulator ADK
  • Intel marketing material templates (InDesign)
  • Apollo Lake Intel(R) TXE
  • APS Software
  • Certificates
  • Lakefield Pets
  • tigerisland-rev1

Data verification and validation 

We were able to confirm the leaked files using the magnet link. Intel Data Leak  


  1. Threat actors use internal tools to debug the existing hardware systems and codes.
  2. The disclosure of schematics could allow attackers to target the hardware. 
  3. Threat actors will be able to conduct further analysis using the published firmware details.

Next steps

Recommendations for affected users:
  1. Pay attention to the vendor’s response for updates.
  2. Don’t open unsolicited email attachments and links, claiming to be from the vendor.
  3. Use strong passwords wherever necessary and avoid password reuse.
  4. Verify access/ permission granted to applications.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations