In recent developments, Cisco has confirmed a security breach affecting its DevHub portal. This breach, recently disclosed, involved unauthorized access to sensitive data not intended for public release. As of now, the compromised DevHub environment has been taken offline as a precautionary step.

Details of the Breach

The initial speculations of a potential cyberattack arose after the sale of purportedly stolen data from Cisco began circulating in the dark web. This dataset reportedly included sensitive items such as API tokens, business documents, and private keys. These initial indicators prompted Cisco to investigate, and the company has now confirmed that attackers indeed gained access to their DevHub portal.

The DevHub environment primarily hosted software code and scripts accessible by customers. However, Cisco has clarified that no financial data was exposed in this incident. As investigations continue, the networking giant is proactively reaching out to affected clients to address any concerns and mitigate potential damage.

Stolen Data for Sale

Despite Cisco's efforts to manage the aftermath, stolen data from the hack is still being offered for sale on the dark web. According to the alleged leaker, identified as IntelBroker, the data encompasses internal repositories including GitHub projects, source codes, and SSL certificates. The leaker further stated to BleepingComputer that they are not attempting to extort Cisco with this data, emphasizing a lack of trust in threat actors who demand ransoms.

Cisco's cybersecurity team remains vigilant in resolving the security lapse and ensuring customer data's integrity. With the ongoing investigation, Cisco aims to plug security vulnerabilities and prevent future breaches.

For further details, you can visit the full report on Heise Online.