October 15, 2024 at 06:40PM
Cisco is investigating a potential data breach following claims from hacker IntelBroker, who alleges they stole and are selling sensitive Cisco files, including source code and credentials. Multiple major companies may be affected. Cisco has not confirmed the breach details, and investigations are ongoing.
### Meeting Takeaways from Cisco Data Breach Discussion
1. **Breach Confirmation**: Cisco is currently investigating claims of data theft, including sensitive files that are allegedly being sold on the dark web.
2. **Data Involved**: The supposed stolen data includes:
– Projects from GitHub and GitLab
– SonarQube projects
– Source code and hardcoded credentials
– Confidential documents, Jira tickets, and API tokens
– AWS private buckets, Docker builds, Azure storage buckets
– Private and public keys, SSL certificates, and product information
3. **Allegations by Cyber Criminals**: The extortionist known as IntelBroker, along with two accomplices, claims that the breach occurred on June 10. They have a history of similar activities, including the theft of internal communications from AMD.
4. **Affected Entities**: Numerous major companies are listed as potentially impacted by the breach, including AT&T, Verizon, T-Mobile US, Chevron, Microsoft, Vodafone, and SAP.
5. **Responses from Affected Companies**:
– SAP has acknowledged the situation and is conducting an investigation.
– Other companies contacted have not yet responded, but one claimed there is “no evidence” of data theft.
6. **Previous Incidents**: There might be a possible link between this breach and a prior attack (CosmicSting) that compromised Cisco’s Magento-based merchandise site, though Cisco has stated that issue has been resolved with no credentials compromised.
7. **IntelBroker’s Risk**: By publicizing sensitive information about high-profile organizations, IntelBroker is exposing themselves to increased scrutiny and potential repercussions.
8. **Verification Status**: The Register has not confirmed the accuracy of the claims made by IntelBroker regarding the data breach.
### Next Steps
– Continue monitoring developments regarding the investigation by Cisco and affected companies.
– Stay alert for official statements or updates pertaining to the alleged breach and data integrity.
– Assess the potential implications for client relationships and data security in light of the situation.