Cisco has confirmed the authenticity of a 4.45GB data leak posted online by the hacker known as IntelBroker.
The leaked files, released on December 25, 2024, via BreachForums, are part of a larger dataset that IntelBroker claims to have exfiltrated from Cisco’s publicly accessible DevHub platform in October 2024.
Despite the leak, Cisco has reiterated that its internal systems and enterprise environments remain uncompromised.
The data leak follows an earlier release by IntelBroker in mid-December, which included 2.9GB of files. The latest release contains additional sensitive materials such as Java binaries, source code, cloud server disk images, cryptographic signatures, and internal project archives.
These files were reportedly obtained due to a misconfiguration in the DevHub platform that inadvertently made certain files publicly accessible.
Cisco has since corrected the configuration error and restored access to DevHub after temporarily disabling it for investigation purposes.
Investigation of the Breach
Cisco’s investigation has determined that the leaked files align with those identified during the company’s initial analysis in October.
The company emphasized that the exposed data originated from publicly accessible pages on DevHub and did not include any sensitive customer information such as personally identifiable information (PII) or financial data.
Some of the files pertain to a limited set of Cisco CX Professional Services customers, who have been notified and provided with copies of the relevant files for review.
The breach highlights growing concerns about cloud misconfigurations and their exploitation by threat actors. IntelBroker, a notorious hacker associated with high-profile cyberattacks, has claimed responsibility for this incident.
The hacker had previously alleged possession of 4.5TB of Cisco data and appears to be using these leaks to bolster their reputation within the cybercriminal community.
Cisco has implemented enhanced security measures to prevent similar occurrences in the future. These include stricter controls over automation processes, improved monitoring systems for public-facing platforms, and expanded quality assurance testing.
The company has also involved law enforcement and third-party forensic experts to analyze the breach comprehensively.
While Cisco maintains confidence in the integrity of its internal systems, this incident serves as a stark reminder of the risks posed by misconfigurations in publicly accessible platforms.
Cybersecurity experts have urged organizations to prioritize robust security practices and regularly audit their systems to mitigate such vulnerabilities.
As investigations continue, Cisco has assured its customers of ongoing transparency and support while addressing any outstanding concerns related to this data exposure.