Cisco on Friday confirmed that some of its files have been stolen after a hacker offered to sell information allegedly belonging to the company.
On October 14, the hacker known as IntelBroker announced a “Cisco breach” on a popular cybercrime forum. The threat actor claimed to have obtained GitHub and SonarQube projects, source code, hardcoded credentials, certificates, confidential documents, Jira tickets, API tokens, AWS private buckets, encryption keys, and other types of information.
IntelBroker claimed to have obtained source code associated with major companies such as Microsoft, AT&T, Verizon, Chevron, BT, SAP, T-Mobile and Bank of America.
He published several screenshots apparently demonstrating access to management interfaces, internal documents and slideshows, source code, as well as databases storing customer information.
The networking giant launched an investigation after learning of the claims. The probe is ongoing, but as of Friday, Cisco said it was confident its own systems were not breached.
Instead, the company said the hacker obtained the data from a public-facing DevHub environment. DevHub is a content management and marketing solution, and Cisco described the compromised environment as a resource center used to make available source code, scripts and other content for customers.
“At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published,” Cisco said, adding, “As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm.”
In response to the incident, Cisco has disabled public access to the impacted website.
IntelBroker is known for targeting major companies, many of which have confirmed a data breach. However, many victims have also said that the impact of the incident was limited, suggesting that the hacker’s claims had been exaggerated.