The notorious hacker IntelBroker has leaked 2.9GB of data allegedly stolen from Cisco’s DevHub environment. This partial leak, disclosed on December 16, 2024, is part of a broader breach involving an estimated 4.5TB of data.
The breach has raised serious concerns about the security practices of one of the world’s leading networking and IT companies.
The breach originated from Cisco’s public-facing DevHub portal, which IntelBroker claims was left exposed without proper security measures.
Cyber Press investigators found that the first samples released by the group consist mainly of files related to core Cisco software products, with the compromised archive totalling 2.9 GB.
Alongside collaborators identified as “@zjj” and “@EnergyWeaponUser,” the hackers reportedly gained access to sensitive resources by exploiting an exposed API token. The stolen data includes:
- Source code from GitHub, GitLab, and SonarQube projects.
- Hardcoded credentials, certificates, and API tokens.
- Confidential Cisco documents, Jira tickets, and Docker builds.
- AWS and Azure storage buckets.
- Private and public encryption keys, SSL certificates, and Cisco premium products.
IntelBroker initially announced the breach in October 2024 on BreachForums, a dark web platform. To validate their claims and attract buyers for the remaining dataset, the hacker released this partial leak containing files related to Cisco IOS XE & XR, Cisco ISE, Cisco Umbrella, Cisco Webex, and other technologies.
The breach extends beyond Cisco’s internal operations. IntelBroker alleges that data linked to high-profile companies such as Verizon, AT&T, Microsoft, Bank of America, Barclays, Vodafone, Chevron, and others has been compromised.
The stolen information reportedly includes production source code and customer Secure Remote Connections (SRCs), posing potential risks to these organizations.
Cisco’s Response
Cisco has acknowledged the incident but maintains that its core systems were not breached. The company attributes the exposure to a misconfigured DevHub environment designed for developers to access resources like software code and APIs.
As a precautionary measure, Cisco has disabled public access to DevHub while continuing its investigation.
In a statement, Cisco emphasized that no sensitive personally identifiable information (PII) or financial data has been detected among the exposed files so far. The company has engaged law enforcement and cybersecurity experts to assess the situation further.
This breach underscores the ongoing difficulty of securing publicly accessible developer environments. While Cisco asserts that its core infrastructure remains intact, the exposure of source code and credentials could have far-reaching implications for its customers and partners.
Cybersecurity experts warn that such incidents highlight the need for robust access controls and continuous monitoring of public-facing systems.
IntelBroker’s actions also reflect a broader trend in cybercrime, where hackers release partial data leaks to validate breaches and increase demand for stolen information in underground markets.