Networking equipment provider Cisco confirmed it had information stolen after reports emerged that some of its data was offered for sale on a popular cybercrime forum. The seller, a hacker known as “IntelBroker,” posted about a “Cisco breach” on October 14, claiming to have obtained a wide range of sensitive data.
IntelBroker alleged that the stolen files included GitHub and SonarQube projects, source code, hardcoded credentials, confidential documents, Jira tickets, encryption keys, API tokens, AWS private buckets, certificates, and more. The hacker also claimed to have access to data from major corporations such as Microsoft, AT&T, Verizon, Chevron, BT, SAP, T-Mobile, and Bank of America.
As proof, IntelBroker shared screenshots of management interfaces, internal documents, source code, and databases that purportedly held customer information.
Following an internal investigation, Cisco said that its systems had not been breached. In a statement, the company explained that the stolen data originated from a public-facing DevHub environment, a resource center that hosts software code, scripts, and other materials intended for customer use.
“Based on our investigations, we are confident that there has been no breach of our systems,” Cisco said in its security incident report. “We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed.”
Cisco acknowledged that a small number of files, which were not intended for public download, had been accessed and potentially published. However, the company stated that there was no evidence to suggest that sensitive personally identifiable information (PII) or financial data had been compromised. As a precaution, Cisco has temporarily disabled public access to the DevHub site as the investigation continues.