- Partial Data Leak: Hackers leaked 2.9GB of Cisco’s data on Breach Forums on December 16, 2024.
- Exposed Records: The leaked data is part of a 4.5TB dataset that was allegedly left unprotected by Cisco in October 2024.
- Previous Incident: IntelBroker previously claimed responsibility for accessing the exposed data and attempted to sell it. The data allegedly included sensitive information from companies like Verizon, AT&T, and Microsoft.
- Cisco’s Response: Cisco previously denied any compromise of core systems, attributing the issue to a misconfigured public-facing DevHub resource.
- Proof of Legitimacy: IntelBroker released this partial leak to demonstrate the validity of their claims and attract buyers for the remaining data.
On Monday, December 16, 2024, hackers leaked what they referred to as “partial data” belonging to technology and cybersecurity giant Cisco. The leak occurred on the cybercrime and data breach platform Breach Forums, where IntelBroker, a notorious hacker and the forum’s owner, released 2.9 GB of data for download.
Important Background
The leaked data is part of the 4.5TB content that hackers claim was left exposed by Cisco without any password protection or security authentication, allowing them to download the entire dataset in October 2024.
Hackread.com exclusively reported on the incident on October 14, 2024, when IntelBroker attempted to sell the data, which allegedly included source codes, confidential documents, and credentials belonging to global firms like Verizon, AT&T, Microsoft, and others.
At the time, Cisco did not respond to Hackread.com but denied any compromise of their core systems, attributing the incident to a misconfigured public-facing DevHub resource. However, IntelBroker maintained they had access until October 18 and provided evidence to Hackread.com showing they exploited an exposed token for JFrog, a software supply chain platform, to access the exposed content.
What’s in the Leaked Data?
This time, IntelBroker has leaked a portion of the data in an attempt to prove its legitimacy to potential buyers. “Hopefully, this proves the legitimacy of the breach to others wanting to buy the full version,” the hacker stated.
The 2.9GB leak reportedly contains data related to the following Cisco products:
- Cisco ISE (Identity Services Engine): A security policy platform that provides secure network access control and identity management.
- Cisco SASE (Secure Access Service Edge): A cloud-delivered solution that combines networking and security functions for secure access from anywhere.
- Cisco Webex: A collaboration platform offering video conferencing, messaging, and calling solutions for teams and businesses.
- Cisco Umbrella: A cloud-based DNS security solution that protects users from threats by securing internet access and blocking malicious domains.
- Cisco IOS XE & XR: Network operating systems used in Cisco routers and switches, enabling advanced networking, automation, and programmability.
- Cisco C9800-SW-iosxe-wlc.16.11.01: A software-based Wireless LAN Controller (WLC) image that manages and controls wireless networks running on Cisco Catalyst 9800 Series platforms.
IntelBroker and Previous Breaches
IntelBroker is known for high-profile data breaches. In June 2024, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about breaching AMD (Advanced Micro Devices, Inc.) and stealing employee and product information.
In May 2024, IntelBroker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:
- Tech in Asia
- Space-Eyes
- Home Depot
- Facebook Marketplace
- Staffing giant Robert Half
- U.S. contractor Acuity Inc.
- Los Angeles International Airport
- Alleged breaches of HSBC and Barclays Bank
The partial leak shows the ongoing exploitation of misconfigured systems and exposed data. The scale of that exploitation is evident, as even high-profile hackers like ShinyHunters and Nemesis have targeted misconfigured servers and S3 buckets.
While Cisco has yet to respond to this latest development, IntelBroker’s actions also show how such incidents can escalate into extortion attempts. Whether the remaining 4.5TB dataset will be sold, leaked, or resolved remains to be seen, but it’s a reminder for organizations to maintain their security practices and protect sensitive data.