Cisco confirmed right now that it took its public DevHub portal offline after a risk actor leaked “personal” knowledge, nevertheless it continues to state that there isn’t any proof that its methods have been breached.
“We now have decided that the info in query is on a public-facing DevHub atmosphere—a Cisco useful resource middle that permits us to help our neighborhood by making out there software program code, scripts, and so forth. for patrons to make use of as wanted,” reads an up to date assertion from Cisco.
“At this stage in our investigation, we now have decided {that a} small variety of information that weren’t licensed for public obtain might have been revealed.”
Cisco says there are not any indications that non-public info or monetary knowledge was stolen however is continuous to analyze what knowledge might have been accessed.
This assertion comes after a risk actor referred to as IntelBroker claimed to have breached Cisco and tried to promote knowledge and supply code stolen from the corporate.
Supply: BleepingComputer
BleepingComputer spoke to IntelBroker in regards to the alleged breach, who mentioned he gained entry to a Cisco third-party developer atmosphere by way of an uncovered API token.
Throughout Cisco’s investigation, IntelBroker grew more and more annoyed when the corporate wouldn’t acknowledge a safety incident, sharing screenshots with BleepingComputer to show he had entry to a Cisco developer atmosphere.
These screenshots and information, which we additionally shared with Cisco, confirmed that the risk actor had entry to most, if not all, of the info saved on this portal. This knowledge included supply code, configuration information with database credentials, technical documentation, and SQL information.
It’s unclear what buyer knowledge was saved on these servers, and none was shared with us.
IntelBroker additional claimed to have continued entry till right now, when Cisco blocked all entry to the portal and the compromised jFrog developer atmosphere. The risk actor additionally mentioned he misplaced entry to a Maven and Docker server associated to the DevHub portal however didn’t share any proof of mentioned entry.
When requested if he tried to extort Cisco to not publish stolen knowledge, IntelBroker mentioned he didn’t strive as they might possible not belief him to maintain his phrase.
“I would not belief a risk actor in the event that they requested for cash to not leak my stuff, so that they should not both,” IntelBroker instructed BleepingComputer.
Whereas Cisco continues to say that no methods have been breached, the whole lot we now have seen does point out {that a} third-party growth was breached, permitting the risk actor to steal knowledge.
BleepingComputer reached out to Cisco with additional questions on these claims, however a reply was not instantly out there.