Zscaler is investigating data breach claims
May 09, 2024
Cybersecurity firm Zscaler is investigating allegations of a data breach following reports that threat actors are offering for sale access to its network. The company confirmed that there is no impact or compromise to its customer, production and corporate environments.
“Zscaler continues to investigate and reiterates there is no impact or compromise to our customer, production and corporate environments. During the afternoon of May 8, we engaged a reputable incident response firm that initiated an independent investigation.” reads the message published by the company. “We continue to monitor the situation and will provide additional updates through the completion of the investigation.”
The notorious threat actor IntelBroker announced on a Breach Forums that he was selling access to “one of the largest cyber security companies.” IntelBroker did not reveal the name of the compromised security firm, but the threat actor announced in the BF ShoutBot that the company is ZScaler.
IntelBroker has offered to sell “confidential and highly critical logs packed with credentials”, including SMTP access, PAuth access, and SSL passkeys and certificates, for a total price of $20,000 in cryptocurrency.
“Hello BreachForums Community. Today Im sellng access to one of the largest cyber security companies. Revenue: $1.8 Billion Access includes: Confidential and highly critical logs packed with credentials SNITP Access Muth Pointer Auth Access SSL Passkeys S. SSL Certificates some others (will be on contact)” reads the announcement published by IntelBroker who is demanding $20K in XMR or ETH.
The seller added that the sale is covered by escrow, he will sell the access only to reputable forum members that will provide proof of funds.
In a previous update, ZScaler reported that their investigation discovered an isolated test environment on a single server (without any customer data) that was exposed to the internet. The company pointed out that the test environment was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments. However, the security firm has taken offline the test environment to conduct forensic analysis.
To be continued, stay tuned …
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, cybercrime)