Cisco was forced to pull its DevHub portal offline after an unauthorized actor publicly dumped sensitive files. The tech giant admitted some internal data had been exposed but insisted there’s no proof its core systems were compromised. A deeper probe is underway to assess what exactly went wrong.
The breach became public when a hacker going by “IntelBroker” claimed to have stolen materials from Cisco’s DevHub, a platform that hosts code and scripts for developers. The leaked files allegedly included source code and technical documents. The hacker took to social media to flaunt their access, sharing screenshots to back up their claims. Cisco acknowledged these files were part of the DevHub environment, but stressed that personal or financial details were not among the leaked information.
IntelBroker, a Serbian black hat hacker residing in Russia, has been active since October 2022 and is known for executing numerous high-profile cyber attacks. The entities targeted include Europol, Pandabuy, and Apple, with evidence linking over 80 instances of data sales and leaks back to this individual.
The Hacker Goes Public with Screenshots
IntelBroker didn’t wait long to reveal their breach to the world. Frustrated by what they saw as Cisco’s silence, they posted evidence showing access to large parts of the DevHub platform. Among the files leaked were internal documents, database credentials, and configuration files. There’s no confirmation yet on whether any customer data was involved, as none of it has been seen by external parties.
The breach only got worse from there. IntelBroker claimed they had continuous access to the system until Cisco blocked their entry. The hacker stated that they lost control over the portal as well as several related services, including a Docker and Apache Maven server that were tied to the compromised environment. While Cisco’s investigation is ongoing, IntelBroker is still insisting that much more information is available for sale on dark web forums.
Cisco Responds to Breach but Downplays Risk
In response to the breach, Cisco clarified that the compromised DevHub portal was public-facing and designed to provide development resources to its customers. The company admitted some files that weren’t supposed to be publicly accessible were leaked, but emphasized that this does not appear to have impacted any internal systems or highly sensitive data. The DevHub portal has since been taken offline, and further access by the hacker has been blocked.
IntelBroker said they never attempted to extort Cisco, arguing that ransom demands are a bad idea because “no one trusts a hacker to keep their word”. Despite these assurances, the hacker is still offering the stolen data for sale online, though it’s unclear what’s included or how much of it has actually been verified by third parties.
Ongoing Investigation with Conflicting Claims
While Cisco has been proactive in its communication, the story remains murky. IntelBroker insists that they had broader access to Cisco’s infrastructure than the company has admitted. The investigation is still ongoing, and the tech giant is currently working to notify any customers who may have been affected. The situation remains fluid as Cisco works to understand exactly how much was taken and how the breach occurred.
Last Updated on November 7, 2024 2:26 pm CET