Cisco Confirms Security Incident After Data Found for Sale | Sync Up

Recently, sensitive data from Cisco began appearing on the dark web. We’ll dive into what hackers are claiming to have stolen and the latest developments in the ongoing investigation as we sit down and Sync Up with Rocket IT’s weekly technology update.

In this episode, you’ll hear more about:

  • Sensitive data from Cisco appearing on the dark web.
  • One hacker’s claim to have accessed various important files.
  • The hacker’s attempt to sell the stolen data online.
  • Cisco’s response to the event.
  • How this event relates to other attacks.
  • How external tools can still be vulnerable even if core systems are secure.

Video Transcript

Cisco is investigating a potential data leak after a hacker known as IntelBroker claimed to have stolen a variety of sensitive files. According to the hacker, this includes things like source code, API tokens, and customer-related technical documents. However, Cisco has stated that they haven’t found any evidence of a breach in their core systems and that no personal or financial customer data seems to be at risk.

The hacker says they got access through an exposed API token from one of Cisco’s external developer environments, allowing them to access certain files that weren’t meant to be public. Since that time, the cybercriminal has been trying to sell this data on a hacking forum and has even shared screenshots to prove their access.

According to Cisco, this leak reportedly began on October 6, 2024, but wasn’t publicly exposed until more recently. Since that time, Cisco has taken down its DevHub portal, which is where the leaked data was stored, and they’ve blocked further access.

While the hacker claims to have accessed customer-related documents, Cisco says they haven’t found any evidence that personal or financial customer information, like credit card numbers, was exposed. Most of the data seems to be technical, such as credentials and configuration files, but Cisco has promised to notify any customers if they confirm something more serious.

As for whether this breach is connected to other recent attacks, that’s still up in the air. IntelBroker has previously leaked data from companies like T-Mobile and Apple, but Cisco hasn’t confirmed if this incident is part of a larger pattern.

What’s interesting here is that even though Cisco says their core systems weren’t breached, data can still leak if external platforms aren’t secured properly. In turn, this is a reminder that even if a company’s core systems are secure, vulnerabilities in third-party platforms or external environments can still put data at risk. If your business relies on external tools or third-party vendors, it’s crucial to ensure everything is properly secured to prevent data leaks.

At Rocket IT, we help businesses safeguard their entire IT environment, including third-party platforms, to minimize security risks. If you’re concerned about potential vulnerabilities or want to make sure your systems are fully protected, contact us using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.
