The Information Highway

Cisco takes DevHub portal offline after hacker publishes stolen data

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached.

"We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed," reads an updated statement from Cisco.

"At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published." 

Cisco says there are no indications that personal information or financial data was stolen but is continuing to investigate what data may have been accessed.

This statement comes after a threat actor known as IntelBroker claimed to have breached Cisco and attempted to sell data and source code stolen from the company.

Cisco data for sale on a hacking forum
Source: BleepingComputer

IntelBroker alleged he gained access to a Cisco third-party developer environment through an exposed API token.

During Cisco's investigation, IntelBroker grew increasingly frustrated when the company would not acknowledge a security incident, sharing screenshots to prove he had access to a Cisco developer environment.

These screenshots and files, which we also shared with Cisco, showed that the threat actor had access to most, if not all, of the data stored on this portal. This data included source code, configuration files with database credentials, technical documentation, and SQL files.

It is unclear what customer data was stored on these servers, and none was shared.

IntelBroker further claimed to have continued access until today, when Cisco blocked all access to the portal and the compromised JFrog developer environment. The threat actor also said he lost access to a Maven and Docker server related to the DevHub portal but did not share any proof of said access.

When asked if he attempted to extort Cisco not to publish stolen data, IntelBroker said he did not try as they would likely not trust him to keep his word.

"I wouldn't trust a threat actor if they asked for money not to leak my stuff, so they shouldn't either," IntelBroker explained.

While Cisco continues to say that no systems were breached, everything we have seen does indicate that a third-party development environment was breached, allowing the threat actor to steal data.

Monday, 23 December 2024
