Virtual Event Now Live: Threat Detection and Incident Response (TDIR) Summit
Connect with us

Hi, what are you looking for?


Data Breaches

Zscaler Confirms Only Isolated Test Server Was Hacked

Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was compromised.


Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was impacted.

On May 8, a hacker known as IntelBroker offered to sell access to the systems of one of the largest cybersecurity companies, which he did not immediately name. The black hat offered to sell credentials, passkeys and certificates for a total price of $20,000 in cryptocurrency.  

He separately confirmed that the target was Zscaler and later claimed that the data had been sold. After the sale of the data was announced, IntelBroker posted several screenshots showing that Zscaler was the victim, as well as some of the compromised credentials.

Zscaler immediately launched an investigation and determined that the breach did not impact customer, production or corporate environments. It quickly found an internet-exposed test environment, but did not specifically say whether that was the hacker’s target.

Outside incident response experts were also called in to conduct an investigation. 

Early on Tuesday, May 14, Zscaler announced completing its investigation and confirmed that the test environment was indeed impacted.

“The impact was limited to an isolated single server test environment (without customer data) not hosted on Zscaler infrastructure,” Zscaler said. “The independent third-party IR investigation, which conducted forensic analysis of the incident, is also complete, and the third-party findings are consistent with those of Zscaler.”

IntelBroker has been offering to sell data allegedly stolen from government organizations and high-profile companies since at least late 2022. One of his most recent victims is Europol, from which the hacker claimed to have stolen classified information. 

Advertisement. Scroll to continue reading.

Europol is investigating the incident, but it appears that only a law enforcement information sharing platform was impacted. 

While in many cases the organizations targeted by IntelBroker have confirmed a data breach, the hacker’s claims often seem exaggerated. 

*updated wording describing impact

Related: Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums

Related: Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware

Related: List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights