Cisco confirmed that it has taken its public DevHub portal offline following the leak of “non-public” data by a threat actor.
Despite the incident, the company insists there is no evidence of a system breach.
In a statement, Cisco explained that the compromised data was stored in a public-facing environment used to share software code and scripts with its community. The company acknowledged that a small number of unauthorized files were made public but stressed that no personal or financial information appears to have been compromised. Cisco is continuing to investigate the situation.
The incident came to light after a hacker known as IntelBroker claimed to have accessed Cisco’s data and attempted to sell stolen source code. IntelBroker allegedly gained access through an exposed API token within a third-party developer environment, according to screenshots shared with BleepingComputer.
Cisco has since blocked access to the portal and the compromised environment. However, IntelBroker claims he maintained access until the portal was taken down. The threat actor did not attempt to extort Cisco, citing a lack of trust between companies and hackers in such scenarios.
While Cisco maintains that no breach of its core systems occurred, the data leak highlights vulnerabilities in its third-party development environments.
