Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Cisco Confirms Security Incident After Hacker Offers to Sell Data

Cisco has confirmed that some files have been stolen from its DevHub environment after a hacker offered to sell information.

Cisco security product

Cisco on Friday confirmed that some of its files have been stolen after a hacker offered to sell information allegedly belonging to the company.

The hacker known as IntelBroker on October 14 announced a “Cisco breach” on a popular cybercrime forum. The threat actor claimed to have obtained GitHub and SonarQube projects, source code, hardcoded credentials, certificates, confidential documents, Jira tickets, API tokens, AWS private buckets, encryption keys, and other types of information.

IntelBroker claimed to have obtained source code associated with major companies such as Microsoft, AT&T, Verizon, Chevron, BT, SAP, T-Mobile and Bank of America. 

He published several screenshots apparently demonstrating access to management interfaces, internal documents and slideshows, source code, as well as databases storing customer information.

The networking giant launched an investigation after learning of the claims. The probe is ongoing, but as of Friday, Cisco said it was confident its own systems were not breached.

Instead, the company said the hacker obtained the data from a public-facing DevHub environment. DevHub is a content management and marketing solution, and Cisco described the compromised environment as a resource center used to make available source code, scripts and other content for customers.

“At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published,” Cisco said, adding, “As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm.”

In response to the incident, Cisco has disabled public access to the impacted website. 

Advertisement. Scroll to continue reading.

IntelBroker is known for targeting major companies and many of them have confirmed a data breach. However, many victims also claimed that the impact of the incident was limited, suggesting that the hacker’s claims had been exaggerated.  

One of the recent victims is Deloitte, which told SecurityWeek after the intrusion came to light that there was no threat to sensitive data. 

Related: Cisco Hacked by Ransomware Gang, Data Stolen

Related: Zscaler Investigates Hacking Claims After Data Offered for Sale

Related: Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Non-Sensitive Info

Related: Europol Investigating Breach After Hacker Offers to Sell Classified Data

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

MorganFranklin Cyber has appointed Keith Hollender as CEO and member of the Board of Directors.

Lisa Banks has been named Chief Financial Officer at Abnormal Security.

Threat detection and response company Trellix has appointed Vishal Rao as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.