Cisco DevHub Hit by Cyberattack, Sensitive Data Leaked; Investigation Ongoing

October 22, 2024
  • This breach was first reported a week ago and involves three threat actors, with IntelBroker previously linked to significant data breaches.

  • As a precautionary measure, Cisco has disabled public access to the DevHub while the investigation continues.

  • Cisco has taken its public DevHub portal offline following a cyberattack that resulted in the leak of sensitive data, although the company insists its systems were not breached.

  • The investigation into this incident began on October 15, 2023, and Cisco confirmed the security breach three days later, revealing that the affected data originated from a public-facing resource center.

  • The compromised data includes sensitive materials such as source code, API tokens, credentials, certificates, and secrets from major companies like Microsoft, Verizon, and AT&T.

  • Currently, there is no evidence that personal identity data or financial information was accessed, but the investigation is ongoing to determine the full extent of the breach.

  • Cisco clarified that the exposed data came from a public-facing DevHub environment, where a small number of unauthorized files may have been published.

  • The leaked data reportedly includes source code, configuration files with database credentials, technical documentation, and SQL files.

  • This incident underscores the necessity for organizations to secure public-facing environments against potential threats, highlighting the importance of practices like input validation and strong authentication.

  • Despite the incident, Cisco maintains that its own systems were not compromised, and the investigation is focused on the unauthorized files that may have been published.

  • The threat actor known as IntelBroker claimed to have accessed Cisco's third-party developer environment via an exposed API token and has since posted the data for sale on BreachForums.

  • Experts recommend a multilayered security strategy to minimize risks, which includes strict access controls, secure coding practices, and regular security assessments.

Summary based on 3 sources



Sources



Cisco Disables DevHub Access After Security Breach
