Cisco says that personal recordsdata lately downloaded by a risk actor from a misconfigured public-facing DevHub portal do not include info that might be exploited in future breaches of the corporate’s methods.
Whereas analyzing the uncovered paperwork, the corporate discovered that their contents embrace information that Cisco publishes for purchasers and different DevHub customers. Nonetheless, recordsdata that should not have been made public have been additionally out there, some belonging to CX Skilled Companies clients.
“So far, in our research, we’ve determined that a limited set of CX Professional Services customers had files included and we notified them directly,” Cisco mentioned.
“Our teams have indexed and continue assessing the content of those files, and we continue to make steady progress. We have not identified any information in the content that an actor could have used to access any of our production or enterprise environments.”
Cisco has since corrected the configuration, restored public entry to the DevHub web site, and says that internet search engines like google and yahoo didn’t index the uncovered paperwork.
This replace comes after Cisco confirmed final month that it took its public DevHub web site offline (a useful resource middle for purchasers the place it publishes software program code, templates, and scripts) after a risk actor leaked what the corporate described on the time as “non-public” information.
The corporate added that it discovered no proof that any monetary information or private info had been uncovered or stolen from the general public DevHub portal earlier than it was taken offline.
IntelBroker (the risk actor behind the leak) instructed BeelpingComputer additionally they allegedly gained entry to a Cisco JFrog developer surroundings by means of an uncovered API token.
Screenshots and recordsdata the risk actor shared with BeelpingComputer confirmed they gained entry to supply code, configuration recordsdata with database credentials, technical documentation, and SQL recordsdata.
Whereas Cisco says its methods have not been breached, info shared by the risk actor signifies that additionally they breached a third-party growth surroundings, permitting them to steal information.
BleepingComputer contacted Cisco with additional questions on IntelBroker’s claims, however the firm has not replied.
