Zscaler swats claims of a significant breach

On Wednesday, a threat actor named “IntelBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be.

Zscaler access for sale

IntelBroker claims to have access to “logs packed with credentials”, SSL passkeys and certificates, SMTP and PAuth access, and is offering it all for $20,000.

Some six hours later, Zscaler confirmed that it had discovered an isolated test environment on a single server that was exposed to the internet but did not contain customer data.

“The test environment was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments,” the company said. “Zscaler can confirm there is no impact or compromise to its customer, production and corporate environments.”

The company did not mention whether any credentials and secrets have been compromised.

Zscaler took the test environment offline for forensic analysis and engaged an incident response firm to perform an independent investigation to confirm or deny its own findings.

The investigation is still ongoing, so new revelations may come up.

But this also may turn out to be a non-event. Security researcher Kevin Beaumont has pointed out that the “IntelBroker” alias is used by multiple people and they are not an entirely reliable source of information.

The relatively low asking price has also made many doubt their claims.

UPDATE (May 14, 2024, 01:25 p.m. ET):

“Following a thorough investigation, Zscaler concluded there is no impact or compromise to our customer, production and corporate environments,” the company stated on Tuesday.

“The impact was limited to an isolated single server test environment (without customer data) not hosted on Zscaler infrastructure. The independent third-party IR investigation, which conducted forensic analysis of the incident, is also complete, and the third-party findings are consistent with those of Zscaler.”


