Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Cisco Confirms Security Incident After Hacker Offers to Sell Data

Cisco has confirmed that some files have been stolen from its DevHub environment after a hacker offered to sell information.

Cisco hacked

Cisco on Friday confirmed that some of its files have been stolen after a hacker offered to sell information allegedly belonging to the company.

The hacker known as IntelBroker on October 14 announced a “Cisco breach” on a popular cybercrime forum. The threat actor claimed to have obtained GitHub and SonarQube projects, source code, hardcoded credentials, certificates, confidential documents, Jira tickets, API tokens, AWS private buckets, encryption keys, and other types of information.

IntelBroker claimed to have obtained source code associated with major companies such as Microsoft, AT&T, Verizon, Chevron, BT, SAP, T-Mobile and Bank of America. 

He published several screenshots apparently demonstrating access to management interfaces, internal documents and slideshows, source code, as well as databases storing customer information.

The networking giant launched an investigation after learning of the claims. The probe is ongoing, but as of Friday, Cisco said it was confident its own systems were not breached.

Instead, the company said the hacker obtained the data from a public-facing DevHub environment. DevHub is a content management and marketing solution, and Cisco described the compromised environment as a resource center used to make available source code, scripts and other content for customers.

Advertisement. Scroll to continue reading.

“At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published,” Cisco said, adding, “As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm.”

In response to the incident, Cisco has disabled public access to the impacted website. 

IntelBroker is known for targeting major companies and many of them have confirmed a data breach. However, many victims also claimed that the impact of the incident was limited, suggesting that the hacker’s claims had been exaggerated.  

One of the recent victims is Deloitte, which told SecurityWeek after the intrusion came to light that there was no threat to sensitive data. 

Related: Cisco Hacked by Ransomware Gang, Data Stolen

Related: Zscaler Investigates Hacking Claims After Data Offered for Sale

Related: Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Non-Sensitive Info

Related: Europol Investigating Breach After Hacker Offers to Sell Classified Data

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.