Cisco, has launched an investigation into a potential cyber security incident and has taken its public DevHub portal offline as a precautionary measure.
On October 18, 2024, the company confirmed that it is looking into reports of an unauthorized actor allegedly gaining access to certain Cisco data and customer information.
The incident came to light when a threat actor, IntelBroker, claimed to have breached Cisco and attempted to sell stolen data and source code.
The hacker reportedly gained access to a Cisco third-party developer environment through an exposed API token, raising concerns about the security of the company’s developer resources.
In response to these claims, Cisco has stated that there is currently no evidence of a breach in their systems.
How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide (PDF)
However, the company has acknowledged that a “small number of files that were not authorized for public download may have been published” on their public-facing DevHub environment.
This portal serves as a resource center for customers, providing software code and scripts for their use.
As part of their investigation, Cisco has disabled public access to the DevHub site. The company has also engaged law enforcement to assist in the matter, demonstrating the seriousness with which they are treating the situation.
While Cisco maintains that no sensitive personal information or financial data appears to have been compromised, they are continuing their investigation to confirm the extent of the potential data exposure.
The company has committed to notifying customers directly if it is determined that unauthorized actors have obtained their confidential information.
The incident highlights the ongoing challenges large technology companies face in securing their digital assets and protecting customer data. It also underscores the importance of robust security measures for developer environments and API management.
Cisco has urged customers with concerns to contact their Product Security Incident Response Team (PSIRT) at [email protected].
As the investigation unfolds, the technology community will be watching closely to see how Cisco manages this security incident and what lessons can be learned to prevent similar occurrences in the future.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here