Cisco confirmed right this moment that it took its public DevHub portal offline after a menace actor leaked “private” information, however it continues to state that there isn’t any proof that its techniques have been breached.
“We have now decided that the info in query is on a public-facing DevHub setting—a Cisco useful resource middle that permits us to assist our neighborhood by making out there software program code, scripts, and so forth. for purchasers to make use of as wanted,” reads an up to date assertion from Cisco.
“At this stage in our investigation, we have now decided {that a} small variety of information that weren’t licensed for public obtain could have been printed.”
Cisco says there are not any indications that private data or monetary information was stolen however is constant to analyze what information could have been accessed.
This assertion comes after a menace actor often known as IntelBroker claimed to have breached Cisco and tried to promote information and supply code stolen from the corporate.
Supply: BleepingComputer
BleepingComputer spoke to IntelBroker concerning the alleged breach, who stated he gained entry to a Cisco third-party developer setting by an uncovered API token.
Throughout Cisco’s investigation, IntelBroker grew more and more pissed off when the corporate wouldn’t acknowledge a safety incident, sharing screenshots with BleepingComputer to show he had entry to a Cisco developer setting.
These screenshots and information, which we additionally shared with Cisco, confirmed that the menace actor had entry to most, if not all, of the info saved on this portal. This information included supply code, configuration information with database credentials, technical documentation, and SQL information.
It’s unclear what buyer information was saved on these servers, and none was shared with us.
IntelBroker additional claimed to have continued entry till right this moment, when Cisco blocked all entry to the portal and the compromised jFrog developer setting. The menace actor additionally stated he misplaced entry to a Maven and Docker server associated to the DevHub portal however didn’t share any proof of stated entry.
When requested if he tried to extort Cisco to not publish stolen information, IntelBroker stated he didn’t attempt as they might seemingly not belief him to maintain his phrase.
“I would not belief a menace actor in the event that they requested for cash to not leak my stuff, in order that they should not both,” IntelBroker advised BleepingComputer.
Whereas Cisco continues to say that no techniques have been breached, the whole lot we have now seen does point out {that a} third-party improvement was breached, permitting the menace actor to steal information.
BleepingComputer reached out to Cisco with additional questions on these claims, however a reply was not instantly out there.