On December 16, 2024, the IntelBroker hacker released 2.9 GB of data stolen from Cisco’s public DevHub portal. The leak was part of a wider breach involving about 4.5 TB of data. Criminals including “@zjj” and “@EnergyWeaponUser” exploited an open API token vulnerability to gain access to sensitive information.
Stolen data includes:
The hackers first announced the breach on BreachForums and published the data, including files related to Cisco IOS XE & XR, Cisco Webex, and Cisco Umbrella, to back up their claims. IntelBroker also claimed that the stolen data included information from companies such as Microsoft, AT&T, Bank of America and Vodafone.
Cisco acknowledged this, but said its mission-critical systems were not affected. The leak occurred due to a misconfiguration of the DevHub portal, which provides developers with access to resources such as code and APIs. The company temporarily shut down access to DevHub and cooperated with law enforcement and cybersecurity experts. Cisco emphasized that the stolen data did not contain any financial or personally identifiable information (PII).