October 17, 2024

Cisco has officially confirmed that it is actively investigating recent claims of a significant security breach, following various reports that a threat actor is allegedly attempting to sell sensitive, stolen data on a prominent hacking forum.
According to internal sources at Cisco, the company is fully aware of multiple reports indicating that an individual is now claiming to have illegally gained access to certain critical Cisco-related files. Cisco also mentioned that a thorough investigation has been immediately launched to assess these claims, and the inquiry is still currently ongoing.
Details of the Cisco Data Breach and IntelBroker’s Allegations
The claims emerged after a well-known threat actor, “IntelBroker,” along with two other associates identified as “EnergyWeaponUser” and “zjj,” reportedly stated that they had breached vital Cisco systems on October 6, 2024, and obtained a significant amount of highly sensitive developer-related data.
IntelBroker had also posted detailed information about the compromised, stolen data on a widely known hacking forum, which allegedly included confidential GitHub projects, GitLab projects, SonarQube projects, source code, embedded credentials, certificates, customer SRCs, Cisco confidential documents, Jira tickets, API tokens, AWS private buckets, Cisco technology SRCs, Docker builds, Azure storage buckets, private and public keys, SSL certificates, and more. He also allegedly shared several samples of the stolen data, which included important databases, customer details, documentation, and screenshots from customer management portals. However, no further details were provided on how this data had been obtained.
In June, IntelBroker had reportedly started selling or leaking highly sensitive data from various major companies, including T-Mobile, AMD, and Apple. Sources familiar with the entire situation had suggested that the data might have been stolen from a third-party managed services provider, responsible for DevOps and advanced software development services.
It remains completely unclear whether this latest Cisco breach is directly linked to the June incidents.
Cisco’s Ongoing Investigation into the Data Breach
Cisco also indicated that the company is actively investigating all reports that an unauthorized threat actor has claimed to have illegally accessed certain Cisco data, along with other customer information. Cisco assured the public that the company takes these allegations very seriously and has involved relevant law enforcement agencies as part of this broader investigation.
So far, Cisco’s internal investigation has reportedly found no substantial evidence that its core systems were compromised. The company also mentioned that it would notify affected customers immediately if it were confirmed that their sensitive confidential data had been accessed.