Cisco confirms attackers stole data, shuts down access to compromised DevHub environment
The tech giant insists that no sensitive customer information has been compromised


Cisco has closed public access to one of its third-party developer environments after threat actors successfully stole data from a public-facing DevHub environment.
On 14 October, the prominent threat actor IntelBroker posted on BreachForums that they compromised data including source code, hard-coded credentials, certificates, API tokens, private and public keys, AWS private buckets, Docker builds, and Azure storage buckets as well as GitHub and GitLab projects.
The listing also claimed to have access to confidential documents and premium products belonging to Cisco.
IntelBroker listed a number of companies that had their production source code taken during the attack, including Verizon, AT&T, Bank of America, Barclays, British Telecoms, Microsoft, Vodafone, Chevron and Charter Communications.
On 15 October, Cisco announced it was investigating reports that a threat actor had claimed to have gained access to data belonging to Cisco and its customers.
The firm updated this advisory on 18 October, confirming that the data the unauthorized actors gained access to was hosted in a public-facing DevHub environment used as a resource center for community support.
“At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published,” the statement added.
“As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm.”
Evidence points towards compromised third-party as Cisco maintains none of its systems were breached
IntelBroker, a Russia-based Serbian hacker, has been active in the black hat community since October 2022, and came to prominence after their attack on US food delivery service Weee! in 2023.
Since then, IntelBroker has targeted major organizations including Europol, Pandabuy, Apple, and AMD, although in these most recent cases the victims have all queried the scope of the breach, claiming the threat actor’s access was limited to a small amount of data.
IntelBroker took to X on 16 October to goad Cisco, claiming they still had access to the developer environment.
The post noted that Cisco had previously attempted to disable the threat actor’s access but had used hard-coded credentials on an SSH server IntelBroker identified within the exfiltrated data.
Two days later, Cisco announced it had disabled public access to the site while it continued its investigation, which IntelBroker confirmed shortly afterward on X, stating that the company had “finally revoked all our access. Closed our Docker, Maven hub[s] and SSH access.”
In its latest update, Cisco maintains it is confident there was no breach of its systems.
ITPro has approached Cisco for clarification on this matter but has not received a response.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.