A known threat actor has reportedly broken into Cisco and stolen confidential information from the company. In a recent thread on the hacking crime forum BreachForums, a data leaker going by the handle IntelBroker offered to sell Cisco data, saying, "Today, I am selling the Cisco breach that recently happened (6/10/2024). Breached by IntelBroker, EnergyWeaponUser, and zjj."
"Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!" read the post to the hacking forum.
This potential breach puts the impacted parties at risk of identity theft, phishing scams, and financial loss.
Additionally, IntelBroker released screenshots of customer management portals, a database, customer information and other customer documentation as samples of the purportedly stolen data. The threat actor did not, however, elaborate on how the data was acquired.
Cisco told some media outlets that it is aware of the situation and investigating the matter.
“Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files,” a Cisco spokesperson said. “We have launched an investigation to assess this claim, and our investigation is ongoing.”
Given that IntelBroker has a track record as a data leaker, it is possible that the breach is real. The same hacker has so far made public information from T-Mobile, Home Depot, General Electric and numerous other companies. Along with EnergyWeaponUser, IntelBroker had allegedly breached AMD in August 2024.