Cisco has verified that approximately 4GB of recently leaked data is authentic, confirming this as the second data release connected to an October 2024 security incident. The technology company maintains that its core systems remain secure, with the exposed data originating from a public-facing developer resource platform.
The latest leak occurred on December 25, 2024, when a threat actor known as IntelBroker posted 4.45GB of data on BreachForums. Cisco's analysis confirms these files match the data set identified during their investigation of the October incident.
The exposed information came from Cisco's DevHub environment, a platform providing development resources like software code and documentation to customers. While much of this content was intended for public access, some unauthorized files were inadvertently exposed, including:
- Product source code and scripts
- Digital certificates and encryption keys
- Configuration files
- Development documentation
In October 2024, IntelBroker claimed access to various assets including GitHub projects, credentials, certificates, and customer data. The actor initially reported obtaining 800GB of files, later revising the claim to 4.5TB.
Cisco has disabled public access to DevHub while investigating. The company states no breach of internal systems occurred and no sensitive customer information was compromised. "We have not identified any information that could have been used to access our production or enterprise environments," Cisco officials noted in their latest update.
IntelBroker has previously targeted major organizations including AMD, Microsoft, Bank of America, and others. Cisco continues monitoring the situation and working directly with any potentially impacted customers.