Cisco confirms data breach affecting Cisco.com user accounts

Summary
– Cisco disclosed a data breach where cybercriminals stole basic profile information from Cisco.com users via a vishing attack targeting an employee.
– The attacker accessed a third-party CRM system, compromising names, email addresses, phone numbers, and account metadata, but no sensitive data like passwords.
– Cisco terminated the attacker’s access, notified affected users, and is implementing additional security measures, including employee re-education on vishing.
– The breach is suspected to be part of a broader wave of Salesforce CRM attacks linked to the ShinyHunters group, impacting companies like Adidas and Chanel.
– Cisco previously faced a separate security incident in October when a misconfigured DevHub portal led to leaked non-public data.
Cisco has revealed a security breach impacting Cisco.com user accounts after hackers successfully executed a voice phishing scam targeting an employee. The incident, detected on July 24th, involved unauthorized access to a cloud-based CRM system, exposing basic profile details of registered users.
According to Cisco, the compromised data includes names, email addresses, phone numbers, company affiliations, and account metadata like creation dates. The company emphasized that no passwords, financial details, or proprietary customer information were accessed, and its core products and services remain unaffected. Immediate action was taken to revoke the attacker’s access, with investigations underway and regulatory authorities notified where necessary.
To prevent future breaches, Cisco plans to enhance security protocols and retrain staff on identifying phishing attempts. While the exact number of affected users remains undisclosed, the breach raises concerns about targeted attacks on third-party CRM platforms.
This incident aligns with a broader trend of social engineering attacks exploiting Salesforce systems, with major brands like Adidas, Chanel, and LVMH-owned luxury labels also reporting similar breaches. Though the link is unconfirmed, cybersecurity experts suspect the involvement of extortion groups like ShinyHunters, known for leveraging vishing tactics to infiltrate corporate databases.
Cisco has not clarified whether the stolen data originated from a compromised Salesforce instance or whether ransom demands were made. This breach follows another security lapse in October, when a misconfigured DevHub portal led to the leak of non-public data by a hacker known as IntelBroker. At the time, Cisco confirmed the exposure of files linked to its CX Professional Services customers.
The company has yet to provide additional details regarding the scale of the latest breach or specific remediation steps for impacted users.
(Source: Bleeping Computer)