On October 14, a hacker known as IntelBroker announced a breach of Cisco systems on a well-known cybercrime forum. The hacker claimed to have accessed a wide range of sensitive information, including GitHub and SonarQube projects, source code, hardcoded credentials, confidential documents, encryption keys, and much more. IntelBroker also alleged that they obtained data related to prominent companies such as Microsoft, AT&T, Verizon, Chevron, BT, SAP, T-Mobile, and Bank of America.
The hacker supported these claims by publishing screenshots that appeared to show access to management interfaces, internal documents, source code, and databases containing customer information.
Upon learning of the claims, Cisco immediately launched an investigation. While the probe is ongoing, the tech giant stated that its internal systems had not been compromised. Instead, Cisco indicated that the hacker likely accessed data from a public-facing content management environment known as DevHub. This platform, Cisco explained, is used to make available source code, scripts, and other materials for customers.
“At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published,” Cisco confirmed. The company reassured that no confidential information, such as personally identifiable information (PII) or financial data, had been found in the compromised files so far. Cisco has since disabled public access to the affected DevHub environment as a precaution.
IntelBroker has a reputation for targeting major companies, and while several of these companies have confirmed breaches, many have reported that the damage was limited. This suggests that the hacker’s claims may be exaggerated.
One recent example involved Deloitte, where a similar intrusion was reported. However, it was later revealed that no sensitive data had been compromised.
The investigation into the Cisco incident continues, with the company working to ensure that no further exposure occurs.
