AMD has disclosed that in December 2019 they were contacted by someone in possession of test files related to the development of future graphics products. These files were posted online and then later taken down. This person is said to have additional files as well, but AMD maintains that the data breach won’t affect the competitiveness or security of their upcoming graphics processors. AMD is working closely with law enforcement as part of the criminal investigation into the incident.
Here is AMD’s statement on the matter:
At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down. While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP. We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation.
The person behind the data breach posted the files onto a GitHub repository by the handle “xxXsoullessXxx,” and titled “AMD-navi-GPU-HARDWARE-SOURCE.” These files contained code that pointed to “Navi 10”, “Navi 21”, and “Arden”. Navi 10 is of course RDNA1, Navi 21 is RDNA2, and Arden is the internal codename for the GPU of the Xbox Series X, which is also based on RDNA2.
According to a report by Torrent Freak report, AMD used the Digital Millennium Copyright Act (DMCA) to take down the leaked information. Following the DMCA complaint from AMD, GitHub’s admins promptly took the files down.
Torrent Freak was also in contact with the person who leaked the data. “In November 2019, I found AMD Navi GPU hardware source codes in a hacked computer. The user didn’t take any effective action against the leak of the codes”. “The source code was unexpectedly achieved from an unprotected computer//server through some exploits. I later found out about the files inside it. They weren’t even protected properly or even encrypted with anything which is just sad.” The leaker values the information at around $100 million, and is willing to sell it to the highest bidder. “If I get no buyer I will just leak everything,” she told Torrent Freak.