Cisco DevHub Leak Fixes, Hacker Access Via API Exposed

San Jose, November 4, 2024 — Cisco’s DevHub API leak exposed limited data but not enough for future breaches, swiftly secured to prevent deeper exploitation.

In a swift move to curb potential security fallouts, Cisco revealed that its DevHub portal leak, stemming from a misconfigured public-facing site, has been resolved. The breach, which exposed non-public data, included customer files and access details for a third-party environment through an API token.

However, Cisco maintains that no critical information that could compromise its main systems was leaked. Cisco’s investigation unearthed that some confidential files were mistakenly made public, involving content for CX Professional Services customers.

Our detailed review found no evidence that would enable unauthorized access to our production environments

The networking giant confirmed that only a limited group of CX clients was impacted, each receiving direct notifications. The breach’s roots trace back to IntelBroker, a known threat actor who accessed a JFrog developer environment, unveiling source code and database configuration details.

Despite the ominous signs, Cisco assured that personal and financial information remained protected.

While the exposed documents showed sensitive technical insights, the actual risk to enterprise security has been mitigated.

Cisco’s rapid action involved correcting the configuration flaw and preventing search engines from indexing any leaked content. The DevHub site has since resumed operations without residual vulnerabilities.

Other News At VPNRanks

Hey, wait!

Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life!