Cisco takes its developer hub offline following data theft

Cisco
(Image credit: Shutterstock / Valriya Zankovych)

Cisco has taken its DevHub website offline following a cyberattack and a data leak incident. It also played down the value of the breach and said it shut down the site “out of an abundance of caution”.

Recently, a known data leaker, alias IntelBroker, posted a new thread on the infamous BreachForums, offering Cisco data for sale.

In the thread, the hacker credited EnergyWeaponUser and zjj for the breach, and stated that the archive includes Github projects, Gitlab projects, SonarQube projects, source code, hardcoded credentials, certificates, customer SRCs, confidential documents, Jira tickets, API tokens, AWS private buckets, Cisco Technology SRCs, Docker builds, Azure Storage buckets, private & public keys, SSL certificates, and more.

Exposed API token

Cisco responded by saying it was investigating the breach, and has now come forward with additional information.

“Based on our investigations, we are confident that there has been no breach of our systems,” Cisco said. “We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed. We have determined that a small number of files that were not authorized for public download may have been published.”

The announcement also states there is no evidence of personally identifiable information (PII) or financial data being exposed this way, but Cisco is continuing its investigation.

“Out of an abundance of caution, we have disabled public access to the site while we continue the investigation.”

But IntelBroker disagrees that there was no breach. Speaking to BleepingComputer, they said they gained access to a Cisco third-party developer environment through an exposed API token. They also told the publication that they had access to Cisco’s developer environment, and even shared screenshots as proof.

“While Cisco continues to say that no systems were breached, everything we have seen does indicate that a third-party development was breached, allowing the threat actor to steal data,” the publication concluded.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
HPE
HPE investigating claims that hacker breached developer environments, source code
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Data leak
Details of over 15,000 FortiGate devices leaked online, so be on your guard
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Oracle
Oracle denies data breach after hacker claims to hold six million records
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does