View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
May 9, 2024updated 10 May 2024 7:04am

Zscaler calls investigators in amid breach speculation

Zscaler confirmed that it had taken a “test environment” offline amid rumours of a larger breach of its systems, but claimed that customers remained unaffected.

By Greg Noone

Zscaler has enlisted independent investigators to determine if its systems were breached. The cloud security company also confirmed that it had taken an isolated test environment offline after discovering it had been exposed to the internet, but said that the server contained no customer data and was not connected to its wider systems. As such, Zscaler claimed that there had been no impact on customers or its corporate environments due to this inadvertent breach. Tech Monitor reached out to the firm for comment, but the company’s spokesperson did not elaborate beyond the statement it posted this morning.

“During the afternoon of May 8, we engaged a reputable incident response firm that initiated an independent investigation,” said the company. “We continue to monitor the situation and will provide additional updates through the completion of the investigation.”

A photo of the Zscaler logo atop an office building.
Zscaler has acknowledged that one of its test environments was inadvertently exposed to the internet but denied rumours of a wider systems breach. (Photo by Shutterstock)

Zscaler fights rumours on X of wider hack

The announcement follows rumours on X (formerly known as Twitter) of a threat actor named IntelBroker claiming to have breached the systems of a then-unnamed cybersecurity company.  According to the post, this included confidential logs, SSL passkeys and SMTP access, with access priced at $20,000. 

Zscaler did not confirm these rumours but reiterated that it had not discovered any evidence of a breach thus far and was continuing to investigate and monitor the situation. However, an individual claiming to be an employee of the firm rubbished the rumours on Mastodon. “As an employee of Zscaler, I can confirm that the claim of a breach is completely inaccurate and unfounded,” they said. “Unless you see an announcement directly from us, any claims of a successful breach should be viewed as unreliable hearsay.”

IntelBroker associated with several large breaches

This wouldn’t be the first time IntelBroker has appeared on cybersecurity researcher radars. Last month, the threat actor claimed to have hacked the French hospitality firm Accor and exposed the personal information of 620,000 people. IntelBroker has also been associated with breaches at General Electric, Home Depot and the Chinese shopping platform PandaBuy

The exposure of Zscaler’s test environment comes just weeks after the cybersecurity firm published a report claiming that it had blocked 2bn phishing transactions across its Zero Trust Exchange platform. Earlier this month, the firm’s chief executive Jay Chaudhry extolled the benefits of using machine intelligence to derive vital insights from this immense dataset. Whereas previously it would have taken days to amass information about vulnerabilities in critical systems, Chaudhry said in an interview with SiliconANGLE, AI makes it “available in a matter of seconds. So, identifying your attack surface, the starting point of attack, becomes easy.” 

Read more: Will generative AI really supercharge phishing attacks?

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.