Cisco DevHub Data Leaked on BreachForums: Hacker Claims 4.5TB Stolen
On the hacker forum BreachForums, data stolen from Cisco’s DevHub platform was published. A hacker known by the alias IntelBroker claims this is merely a fraction of over 4.5 TB of acquired information.
In October, IntelBroker alleged they had breached Cisco’s systems, gaining access to source code, certificates, credentials, confidential documents, encryption keys, and other sensitive materials. The leaks reportedly included data linked to products from major companies.
Cisco conducted an investigation and confirmed the document leak but denied any breach of its systems. According to their findings, the data was extracted from the public-facing DevHub environment, a platform intended for clients to access source code, scripts, and other resources.
The company clarified that most of the content on DevHub was publicly accessible, although hackers also downloaded files not intended for public use. A site misconfiguration allowed unauthorized publication of certain materials, including documents related to clients from CX Professional Services.
Initially, Cisco stated that the stolen files did not include sensitive information such as personal or financial data. However, this assertion was later removed from the company’s reports.
Earlier this week, IntelBroker posted 2.9 GB of data on BreachForums, claiming the published files pertain to Cisco products—Catalyst, IOS, Identity Services Engine (ISE), Secure Access Service Edge (SASE), Umbrella, and WebEx. The leaked content reportedly included JavaScript and Python files, certificates, and library files.
The hacker asserts that 4.5 TB of data was downloaded from DevHub, although earlier claims indicated a volume of 800 GB. IntelBroker is known for exaggeration, leaving the exact scale of the breach uncertain.
Cisco has acknowledged IntelBroker’s publication and considers the files as those already identified during its internal investigation. The company reiterated that there was no system breach and emphasized that the leaked materials do not contain information that could be exploited to access production or corporate environments.