Cisco notifies ‘limited set’ of customers after hacker accessed non-public files


Cisco said it has notified a limited set of customers about files that were accessed by a hacker during an incident announced in October. 

The tech giant has repeatedly denied that it suffered a breach but said on October 18 that its investigation into the incident revealed a threat actor downloaded data from a public-facing DevHub environment — a platform the company uses to make software code, scripts and more available for customers. Cisco admitted that a “small number of files that were not authorized for public download may have been published.”

On Thursday, Cisco updated its statement and said “a limited set of CX Professional Services customers had files included and we notified them directly.” 

“In the event that we identify further customer files, we will notify the relevant customers. Customers with outstanding questions can follow up with their account teams,” the company said. 

The statements follow claims made on a cybercrime forum by a prominent hacker who on October 14 shared troves of allegedly stolen technical documents as well as production source code from a broad range of Fortune 500 companies.

The hacker took to social media site X this weekend to claim Cisco offered $200,000 to get the person to take the post down, an offer they declined. When asked for comment about this post, a Cisco spokesperson directed Recorded Future News to the statements released last Thursday and throughout the month of October. 

After the dark web post was revealed, Cisco said it was working with law enforcement to investigate the claims. The company has repeatedly said there was no breach of its systems and no leak of sensitive personal information or financial data. 

But the company removed public access to the site where the hacker took the documents from and later compiled a list of the files that they believe the threat actor downloaded while the repositories were publicly available. 

“The vast majority of the information on our DevHub site is software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available,” the company said. 

“We have, however, identified files that were not intended for public download that were inadvertently published on the site as a result of a configuration error. These files were not discoverable or indexed by search engines, such as Google.”

The configuration error has been corrected, according to the October 31 statement, and the company continues to review the content of the accessed files. 

“We have not identified any information in the content that an actor could have used to access any of our production or enterprise environments,” the company said. 

Cisco previously dealt with a data breach in 2022, when a Yanluowang ransomware attack resulted in the theft of documents from an employee Box folder.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
