Data Breaches

Cisco Confirms Security Incident After Hacker Offers to Sell Data

Cisco has confirmed that some files have been stolen from its DevHub environment after a hacker offered to sell information.

Cisco hacked

Cisco on Friday confirmed that some of its files have been stolen after a hacker offered to sell information allegedly belonging to the company.

The hacker known as IntelBroker on October 14 announced a “Cisco breach” on a popular cybercrime forum. The threat actor claimed to have obtained GitHub and SonarQube projects, source code, hardcoded credentials, certificates, confidential documents, Jira tickets, API tokens, AWS private buckets, encryption keys, and other types of information.

IntelBroker claimed to have obtained source code associated with major companies such as Microsoft, AT&T, Verizon, Chevron, BT, SAP, T-Mobile and Bank of America. 

He published several screenshots apparently demonstrating access to management interfaces, internal documents and slideshows, source code, as well as databases storing customer information.

The networking giant launched an investigation after learning of the claims. The probe is ongoing, but as of Friday, Cisco said it was confident its own systems were not breached.

Instead, the company said the hacker obtained the data from a public-facing DevHub environment. DevHub is a content management and marketing solution, and Cisco described the compromised environment as a resource center used to make available source code, scripts and other content for customers.

Advertisement. Scroll to continue reading.

“At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published,” Cisco said, adding, “As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm.”

In response to the incident, Cisco has disabled public access to the impacted website. 

IntelBroker is known for targeting major companies and many of them have confirmed a data breach. However, many victims also claimed that the impact of the incident was limited, suggesting that the hacker’s claims had been exaggerated.  

One of the recent victims is Deloitte, which told SecurityWeek after the intrusion came to light that there was no threat to sensitive data. 

Related: Cisco Hacked by Ransomware Gang, Data Stolen

Related: Zscaler Investigates Hacking Claims After Data Offered for Sale

Related: Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Non-Sensitive Info

Related: Europol Investigating Breach After Hacker Offers to Sell Classified Data

Related Content

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Data Breaches

The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization.

Data Breaches

Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version