{"id":1574,"date":"2025-01-20T11:25:47","date_gmt":"2025-01-20T11:25:47","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1574"},"modified":"2025-01-20T11:25:47","modified_gmt":"2025-01-20T11:25:47","slug":"hpes-sensitive-data-exposed-in-alleged-intelbroker-hack","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1574","title":{"rendered":"HPE\u2019s sensitive data exposed in alleged IntelBroker hack"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

IntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE).<\/p>\n

The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and personally identifiable information (PII) of customers.<\/p>\n

\u201cToday, I am selling the HPE data breach,\u201d IntelBroker said in a BreachForums post<\/a>. \u201cWe have been connecting to some of their services for about 2 days now.\u201d<\/p>\n

Source code and private data exposed<\/h2>\n

In their BreachForums post, IntelBroker offered to sell a large amount of sensitive HPE data, including source codes, user data, and access keys.<\/p>\n

Compromised data include \u201cSource code: Private GitHub repositories, Docker builds, SAP Hybrid, Certificate (private and public keys),\u201d IntelBroker wrote. \u201cAccess: API access, WePay, Github, Github (self-hosted) and more!\u201d<\/p>\n

Additionally, the stash allegedly contains HPE\u2019s Zerto and iLO source codes, along with delivery PIIs of HPE\u2019s old users.<\/p>\n

Media outlet Hackread.com, which claims to have seen the data sample shared by the hacker, reported it appeared to \u201creference a development or system environment involving both open-source software and proprietary package management systems.\u201d \u201cSeveral findings\u201d from a Hackread initial analysis revealed that hacker\u2019s claims mostly check out.<\/p>\n

IntelBroker has reportedly said that the breach was a direct hack and did not involve a third-party compromise.<\/p>\n

Hacker on a spree<\/h2>\n

IntelBroker, a regular figure on BreachForums, has made significant waves in 2024 with a series of high-profile attacks.<\/p>\n

This hacker has targeted a diverse range of organizations in the past, such as General Electric, Europol, Lulu Hypermarket, and Zscaler, with earlier breaches including major players like Home Depot, Facebook Marketplace, and Space-Eyes. In June 2024, IntelBroker escalated its activities by leaking or selling data from companies like T-Mobile, AMD<\/a>, and Apple.<\/p>\n

Recently in October, IntelBroker offered to sell a huge corpus of Cisco breach data<\/a> which experts linked to the June leaks given T-Mobile, AMD\u2019s extensive use of Cisco services, but the connection was never confirmed. HPE did not respond to email queries about the attack. While IntelBroker has previously exaggerated Apple<\/a> and Europol<\/a> breaches, the threat actor is not known to have made an entirely false breach claim in the past.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

IntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE). The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and […]<\/p>\n","protected":false},"author":0,"featured_media":1575,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1574","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1574"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1574"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1574\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1575"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}