Cisco Confirms DevHub Data Breach by Hacker, No Core Systems Compromised
October 22, 2024
In response to the claims, Cisco initiated an investigation and reported that its own systems were not breached.
Ongoing investigations are being conducted, with Cisco proactively reaching out to affected customers to address any concerns.
The leaked data is reportedly still for sale on the dark web, including internal Cisco information such as SSL certificates and confidential documents.
IntelBroker has a history of targeting large corporations, and while some companies have confirmed breaches, others suggest that the hacker's claims may be exaggerated.
To ensure safety during the investigation, Cisco has disabled public access to the DevHub site.
Despite the breach, Cisco maintains that its core infrastructure has not been compromised and is taking the allegations seriously.
The leaked data included non-public information that was not intended for public download, but Cisco has confirmed that no financial data was compromised.
As of mid-October 2024, Cisco determined that only a small number of unauthorized files may have been published, with no sensitive personal information confirmed as compromised.
A hacker known as IntelBroker publicly announced a data breach on October 14, claiming access to sensitive information from Cisco, including GitHub projects, source code, and API tokens.
Cisco confirmed that the data published by IntelBroker was indeed stolen from its DevHub environment, which is designed for developers to share resources.
The investigation revealed that the compromised data was obtained from a public-facing DevHub environment, which is used for sharing source code and other content.
Interestingly, IntelBroker has stated that they are not extorting Cisco for the stolen data, which raises questions about their motives.
Summary based on 3 sources
Sources
SecurityWeek • Oct 21, 2024
Cisco Confirms Security Incident After Hacker Offers to Sell Data
Security Affairs • Oct 21, 2024
Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment