A hacker has leaked more data stolen from a Cisco DevHub instance and the tech giant has confirmed its authenticity and that it originated from a recently disclosed security incident.
The hacker known as IntelBroker announced on October 14 that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, encryption keys and other types of information.
Cisco’s investigation showed that its systems had not been breached and that the data was actually taken from a public-facing DevHub environment that served as a resource center providing source code, scripts and other content to customers.
While much of the data from this DevHub instance is already public, some of the files obtained by the hackers were not supposed to be public, Cisco admitted.
IntelBroker later confirmed that the data was obtained from a DevHub instance and started leaking files.
The hacker initially claimed to have obtained 800 Gb of files, but later said 4.5 Tb of data was taken from the DevHub environment. In mid-December he made available roughly 3 Gb of the data and on Christmas Day he leaked another batch of files, totaling more than 4 Gb.
The leaked data includes source code, scripts, digital certificates, and configuration files pertaining to Cisco products.
Cisco said following the second leak that it analyzed the data and found that it “aligns with the known data set from October 14, 2024.”
“As noted in prior updates, we are confident that there has been no breach of our systems, and we have not identified any information in the content that an actor could have used to access any of our production or enterprise environments,” the company explained.
Cisco initially said it had no evidence that sensitive personal information or financial data was compromised, but it has since removed this statement from its incident reports.
