October 14, 2024 at 10:30PM
Cisco is investigating claims of a data breach after a hacker, “IntelBroker,” alleged the theft of sensitive files including source code and customer data. The investigation follows IntelBroker’s announcement of selling the stolen data on a hacking forum. The connection to previous breaches remains unclear.
### Meeting Takeaways:
1. **Investigation of Breach Claims**:
– Cisco is currently investigating claims of a data breach after a threat actor allegedly sold stolen data on a hacking forum.
2. **Statement from Cisco**:
– A Cisco spokesperson confirmed awareness of reports regarding unauthorized access to Cisco-related files and noted that an investigation is ongoing.
3. **Details from Alleged Threat Actor**:
– The actor, known as “IntelBroker,” claims to have breached Cisco on June 10, 2024, stealing significant developer data, including GitHub projects, source code, hard-coded credentials, certificates, customer SRCs, and more.
4. **Samples of Alleged Stolen Data**:
– IntelBroker provided samples of the stolen data, which reportedly include a database, customer information, and screenshots of management portals.
5. **Context of Broader Data Leaks**:
– The breach of Cisco is potentially linked to a series of data leaks involving other companies (T-Mobile, AMD, Apple) reported in June, which may have originated from a third-party managed services provider.
6. **Ongoing Communications**:
– BleepingComputer has reached out to the implicated third-party vendor for confirmation about a cyberattack but has yet to receive a response.
7. **Uncertainty of Connection**:
– It remains unclear if the Cisco breach is related to the previous incidents involving other companies.