In recent news, tech giant Cisco has confirmed that a hacker accessed files during an incident that was announced in October. Despite denying that they suffered a breach, Cisco revealed on October 18 that their investigation into the incident uncovered that a threat actor had downloaded data from a public-facing DevHub environment. This environment is utilized by the company to provide software code, scripts, and other resources to customers. Cisco acknowledged that a “small number of files that were not authorized for public download may have been published.”

On Thursday, Cisco issued an update stating that “a limited set of CX Professional Services customers had files included and we notified them directly.” The company assured that if they identify further customer files that were affected, they will inform the relevant customers. They also encouraged customers with any remaining questions to reach out to their account teams for clarification.

These announcements came after claims were made on a cybercrime forum by a prominent hacker who shared stolen technical documents and production source code allegedly taken from various Fortune 500 companies on October 14. Subsequently, the hacker made another post on the social media site X, revealing that Cisco had offered $200,000 to remove the original post, an offer that was declined. When questioned about this post, a Cisco spokesperson redirected inquiries to the statements released throughout October.

Following the disclosure of the dark web post, Cisco stated that they were collaborating with law enforcement to investigate the claims. Despite maintaining that there was no breach of their systems and no leakage of sensitive personal or financial data, the company shut down public access to the site from which the hacker obtained the documents. Additionally, they compiled a list of files that they believe the threat actor downloaded while the repositories were publicly accessible.

According to Cisco, the majority of the information on their DevHub site consists of software artifacts intentionally made publicly available. However, they identified files that were not meant for public download due to a configuration error. These files were not searchable or indexed by popular search engines like Google. The company promptly rectified the configuration error and continues to scrutinize the content of the accessed files.

Cisco emphasized that they have not found any information in the accessed files that could enable an actor to breach their production or enterprise environments. This assurance was stated in their October 31 update. It is worth noting that Cisco previously underwent a data breach in 2022 caused by a Yanluowang ransomware attack, which resulted in the theft of documents from an employee Box folder.

As Cisco navigates this latest incident, they remain committed to ensuring the security of their systems and the confidentiality of customer data. The company’s proactive approach to investigating and addressing potential security risks demonstrates their dedication to maintaining trust and transparency with their clientele.

Извор линк