In October 2024, the hacker group IntelBroker claimed to have accessed Cisco’s public-facing DevHub environment, allegedly downloading up to 4.5 terabytes of data. This data reportedly includes source code, hardcoded credentials, certificates, and internal documents related to Cisco products such as IOS XE & XR, Identity Services Engine (ISE), Secure Access Service Edge (SASE), Umbrella, and Webex.

Cisco responded by stating that its internal systems were not breached. The company attributed the incident to a misconfigured DevHub resource, which inadvertently exposed certain files. Cisco emphasized that the majority of the data on DevHub was intended for public access, though some files not meant for public download were mistakenly made accessible due to a configuration error.

On December 16, 2024, IntelBroker released a 2.9-gigabyte sample of the purportedly stolen data on BreachForums, aiming to validate their claims and attract potential buyers for the remaining data. The leaked sample reportedly contains source code and other sensitive information pertaining to Cisco’s products.

This incident underscores the importance of securing public-facing developer platforms and verifying that they are configured correctly. A misconfiguration in a development environment can expose sensitive data, such as the source code, credentials, and certificates reportedly involved here, to malicious actors without any breach of internal systems.