On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be.
InteIBroker claims to have access to “logs packed with credentials”, SSL passkeys and certificates, SMTP and PAuth access, and is offering it all for $20,000.
Some six hours Zscaler confirmed that they discovered an isolated test environment on a single server that was exposed to the internet, but did not contain customer data.
“The test environment was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments,” the company said. “Zscaler can confirm there is no impact or compromise to its customer, production and corporate environments.”
The company did not mention whether any credentials and secrets have been compromised.
Zscaler took the test environment offline for forensic analysis and they engaged an incident response firm to perform an independent investigation to confirm or deny their own findings.
The investigation is still ongoing, so new revelations may come up.
But this also may turn out to be a non-event. Security researcher Kevin Beaumont has pointed out that the “IntelBroker” alias is used by multiple people and they are not an entirely reliable source of information.
The relatively low price asking price has also made many doubt their claims.