Hewlett Packard Enterprise (HPE) is currently embroiled in an investigation following claims made by a well-known hacker who goes by the alias IntelBroker. The hacker boldly declared on January 16 via BreachForums that they have successfully obtained sensitive data from HPE’s systems and are now offering these files for sale.
Among the array of data purportedly stolen by IntelBroker are source codes for renowned HPE products such as Zerto and iLO, private repositories on GitHub, Docker builds, and digital certificates. Additionally, the hacker boasts possession of personally identifiable information (PII) linked to historical user deliveries and access to various HPE services like WePay, GitHub, and GitLab.
A spokesperson for HPE acknowledged the breach claims through various media outlets but maintained that the company remains unaffected operationally, with no evidence of compromise in customer data. As a precautionary measure, HPE swiftly implemented its cybersecurity protocols by deactivating compromised credentials and initiating a thorough investigation to determine the veracity of the claims.
IntelBroker is no stranger to high-profile cyberattacks, with past breaches targeting major corporations including Cisco, General Electric, and Europol. While some victims have acknowledged the legitimacy of the stolen data, they have also emphasized that the actual repercussions were not as dire as initially insinuated by the hacker.
The data leaked by IntelBroker encompasses a wide range of sensitive material, including source codes for HPE products like Zerto and iLO, private repositories on GitHub and Docker builds, as well as both public and private digital certificates. Hackread.com, which analyzed a sample of the stolen data, revealed that the breach encompassed a development environment utilizing a mix of open-source and proprietary tools.
Contrary to some speculation, IntelBroker affirms that the breach was a direct hack and not a byproduct of third-party compromise. With a track record of targeting esteemed companies like T-Mobile, AMD, and Apple over the past year, the hacker has often been the subject of scrutiny due to previous exaggerations regarding breaches at Apple and Europol. Despite this, IntelBroker is known for making substantiated claims rather than entirely fabricated stories.
As HPE’s investigation into the alleged breach unfolds, cybersecurity experts are diligently assessing the potential magnitude and implications of the security breach. The company remains committed to safeguarding its systems and ensuring the protection of sensitive data amidst an evolving landscape of cybersecurity threats.