Cisco recently confirmed that a cyber attacker managed to steal data from a public-facing DevHub environment, which contained software code and scripts. The incident came to light on October 15, prompting Cisco to launch an investigation after receiving reports of unauthorized access to their data. Although Cisco maintains that its systems were not breached, the attacker was able to extract data from the DevHub environment.
In response to the security breach, Cisco took precautionary measures by disabling public access to the portal and assured customers that they would be notified if any impacts on them are discovered during the investigation. According to Cisco’s security advisory, a limited number of files that were not meant for public download may have been published by the attacker. However, as of the latest update, Cisco confirmed that the leaked information did not include any sensitive personal or financial data.
The affected DevHub environment served as a resource center for customers and contained valuable software code, scripts, and other related materials. The breach came to the attention of Cisco after a user known as “IntelBroker” claimed responsibility for the attack on a dark web hacking forum. IntelBroker alleged that the stolen data included hard-coded credentials, confidential documents, API tokens, GitHub projects, Amazon Web Services private buckets, private and public keys, as well as SSL certificates. The hacker also claimed that other major companies like Verizon, AT&T, and Bank of America were also targeted.
DarkEye, a security vendor, highlighted the severity of the breach on X (formerly Twitter) and warned that it posed a significant threat to global corporate cybersecurity. IntelBroker later posted on X claiming that Cisco had revoked their access to the compromised DevHub environment.
When contacted by TechTarget Editorial for further clarification on the type of data accessed by the attacker, Cisco referred to their security advisory issued on Friday. The investigation into the breach is ongoing, and Cisco is taking steps to ensure the security of their systems and information.
In conclusion, the breach of Cisco’s DevHub environment serves as a reminder of the persistent threat posed by cyber attackers to organizations of all sizes. It underscores the importance of maintaining robust cybersecurity practices and promptly addressing any security incidents to safeguard sensitive data and protect against potential risks to customers and partners. Cisco’s proactive response to the breach is commendable, and their commitment to transparency in communicating with stakeholders is crucial in maintaining trust and confidence in their security measures.