Recently, at the Hacker Breachforums forum, data stolen from Cisco Devhub was published by a hacker known as Intelbroker. The hacker claimed that this release is just a small portion of the over 4.5 TB of information they have obtained.
Back in October, Intelbroker announced that they had hacked into Cisco systems and managed to access a variety of sensitive information such as source codes, certificates, accounting data, confidential documents, and encryption keys. The leaked data allegedly included information related to products from major companies.
Following the announcement, Cisco conducted an investigation and confirmed that there was indeed a leakage of documents. However, the company denied that their systems had been hacked. The investigation revealed that the data was taken from the public-facing DevHub platform, which is used to provide customers with access to source codes, scripts, and other content.
Cisco clarified that most of the data available on DevHub was already publicly accessible. However, due to a misconfiguration of the site, hackers were able to download files that were not meant for public viewing. This included documents related to clients from CX Professional Services.
Initially, Cisco reassured that no confidential information, including personal or financial data, had been compromised. However, later updates from the company removed this claim.
This week, Intelbroker posted 2.9 GB of data on Breachforums, claiming that these files were related to Cisco products such as Catalyst, iOS, Identity Services Engine (ISE), Security Service Edge (SASE), UMBRELLA, and Webex. The leaked files included information on JavaScript, Python, certificates, and library files.
Although Intelbroker asserts that they have 4.5 TB of data from DevHub, initially claiming only 800 GB, their reputation for exaggeration raises questions about the true extent of the leak.
Cisco responded to the publication by Intelbroker, stating that the files released were already identified during their internal investigation in October. The company reiterated that their systems were not breached, and the published materials do not contain any data that could jeopardize their production or corporate environments. More information can be found on Cisco’s official statement.