Executive Summary
In October 2024, Cisco experienced a significant cybersecurity breach due to the exploitation of exposed credentials and secrets in its public development environment, DevHub. The threat actor, known as ‘IntelBroker’, leveraged publicly accessible API tokens and keys, gaining unauthorized access to Cisco’s internal systems and sensitive customer data. The breach highlights critical vulnerabilities in the management of Non-Human Identities (NHIs) within the organization, as these secrets were stored improperly and lacked adequate access controls. The scale of the breach is substantial, affecting numerous customer accounts and potentially compromising sensitive information.
Read the full breach analysis from NHI Mgmt Group here
Key Details
Breach Timeline
- October 2024: Cisco’s DevHub is breached by ‘IntelBroker’, leading to unauthorized access.
- Immediate discovery of the breach triggers an internal investigation.
Data Compromised
- Exposed secrets include API keys, tokens, and hard-coded credentials.
- Customer data stored within Cisco’s internal systems may have been accessed.
Impact Assessment
- Potential exposure of sensitive data affecting numerous customers.
- Increased risk for malicious actors to exploit compromised credentials further.
Company Response
- Cisco initiated an internal investigation and began the process of credential rotation.
- The company is reviewing security measures and access controls on DevHub.
Security Implications
- This breach underscores the importance of securing NHIs and rotating credentials regularly.
- Improper storage of sensitive information in publicly accessible locations must be addressed.