Cisco Event Response: Reports of Security Incident

Version 2.2: March 13, 2025

We completed our investigation into claims made by the BreachForums user known as IntelBroker.
A final detailed summary of our investigation can be found here: Cisco devhub.cisco.com Data Incident Summary_March 3 2025.pdf
Customers with outstanding questions can follow up with their account teams.

Version 2.1: December 26, 2024

Update:

We are aware of some recent social media posts made by the actor. Based on information available to us at this time, we believe that the files referenced in the posts are files that we had previously identified during our investigation and reported on. On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.
As noted in prior updates, we are confident that there has been no breach of our systems, and we have not identified any information in the content that an actor could have used to access any of our production or enterprise environments.

Version 2.0: November 15, 2024

Note: To provide additional clarity, references to and descriptions of Dev Hub have been amended in this update.

As noted in our previous updates, we are confident that there has been no breach of our systems, and we have not identified any information in the content that an actor could have used to access any of our production or enterprise environments. We have determined that the actor downloaded certain files from publicly accessible devhub.cisco.com pages.

We compiled a list of files that we believe the actor downloaded from those publicly accessible devhub.cisco.com pages and assessed that some of those files related to a limited set of CX Professional Services customers.
We notified these customers directly, provided them with a copy of the relevant files, and have offered our assistance in reviewing those files.

We are working to finalize our assessment of the files in the coming weeks and if we identify further customer files, we will notify the relevant customers.
devhub.cisco.com is a Cisco resource center that, among other things, enables us to support our community by making software code, scripts, etc. publicly available for customers and other devhub.cisco.com users and share software artifacts with customers on a more individual basis.
The vast majority of the information on our publicly accessible devhub.cisco.com pages are software artifacts (for example, software code, templates, and scripts) that we make publicly available for customers, partners and others to use.
We have, however, identified files that were not intended for public download that were inadvertently published on the site as a result of a configuration error. These files were not discoverable or indexed by search engines, such as Google.
As noted previously, we promptly disabled public access to devhub.cisco.com.
The configuration error has been corrected, and we have since restored public access to devhub.cisco.com.
Customers with outstanding questions can follow up with their account teams.

This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.

This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.