Zscaler Investigating Data Breach After Hacker Claims Access for Sale
Zscaler Inc., a cybersecurity company, is investigating a imaginable records breach. The investigation is attributable to a claim by a smartly-identified hacker who has said that they are selling access to Zscaler Inc.’s programs and records.
On Wednesday, a risk actor, “IntelBroker,” posted on a heart-broken web dialogue board offering to promote access to a cybersecurity company with $1.8 billion in revenue, which works Zscaler’s profile. The hacker claimed the access entails “confidential and highly severe logs filled with credentials,” SMTP access, SSL certificates, and other silent records. The asking ticket became once $20,000 in cryptocurrency.
In response, Zscaler posted a statement on its belief portal pronouncing it has launched an investigation but has not found evidence of a breach.
Free Webinar : Live API Attack Simulation
94% of organizations skills safety complications in production APIs, and one in five suffers a records breach. As a consequence, cyber-assaults on APIs elevated from 35% in 2022 to 46% in 2023, and this model continues to rise:
Key Takeaways:
- An exploit of OWASP API Top 10 vulnerability
- A brute force ATO (Account Takeover) attack on API
- A DDoS attack on an API
- Distinct safety mannequin automation to stop API assaults
Birth keeping your APIs from hackers
“We rob each doable risk and claim very seriously and can proceed our rigorous investigation,” the company said. “Zscaler’s precedence is our customer and production surroundings and we now enjoy not found any evidence of incident or compromise to these environments. We’re persevering with our investigation and closely monitoring the subject.”
The company later supplied an update pointing out that it found an “isolated test surroundings on a single server (with none customer records) which became once exposed to the facts superhighway.” Zscaler said this test surroundings became once taken offline for forensic prognosis but reiterated that no company, customer, or production programs enjoy been impacted.
IntelBroker has been linked to quite so much of excessive-profile records breaches previously year, including hacks of DC Properly being Hyperlink, Acuity, Home Depot, and the Los Angeles World Airport. The hacker’s beautiful id is unknown.
Zscaler is one amongst the largest cloud safety services, serving over 6,000 customers globally. The company’s inventory ticket fell over 4% in shopping and selling on Wednesday following the breach claims.
The doable breach highlights the continuing threats facing even basically the most smartly-known cybersecurity companies. As the investigation continues, Zscaler customers shall be staring at closely for any signs that their records has been compromised.
The incident additionally underscores the importance of surroundings aside test environments from production programs to limit the blast radius of any a hit intrusion.
Zscaler said further updates shall be supplied because the investigation progresses. Within the meantime, the company has not confirmed the authenticity of IntelBroker’s claims or whether or not a transaction for the alleged access has happened.
Source credit : cybersecuritynews.com