Zscaler has enlisted independent investigators to determine if its systems were breached. The cloud security company also confirmed that it had taken an isolated test environment offline after discovering it had been exposed to the internet, but said that the server contained no customer data and was not connected to its wider systems. As such, Zscaler claimed that there had been no impact on customers or its corporate environments due to this inadvertent breach. Tech Monitor reached out to the firm for comment, but the company’s spokesperson did not elaborate beyond the statement it posted this morning.

“During the afternoon of May 8, we engaged a reputable incident response firm that initiated an independent investigation,” said the company. “We continue to monitor the situation and will provide additional updates through the completion of the investigation.”

Zscaler has acknowledged that one of its test environments was inadvertently exposed to the internet but denied rumours of a wider systems breach. (Photo by Shutterstock)

Zscaler fights rumours on X of wider hack

The announcement follows rumours on X (formerly known as Twitter) of a threat actor named IntelBroker claiming to have breached the systems of a then-unnamed cybersecurity company. According to the post, this included confidential logs, SSL passkeys and SMTP access, with access priced at $20,000.

Zscaler did not confirm these rumours but reiterated that it had not discovered any evidence of a breach thus far and was continuing to investigate and monitor the situation. However, an individual claiming to be an employee of the firm rubbished the rumours on Mastodon. “As an employee of Zscaler, I can confirm that the claim of a breach is completely inaccurate and unfounded,” they said. “Unless you see an announcement directly from us, any claims of a successful breach should be viewed as unreliable hearsay.”

IntelBroker associated with several large breaches

This wouldn’t be the first time IntelBroker has appeared on cybersecurity researchers’ radars. Last month, the threat actor claimed to have hacked the French hospitality firm Accor and exposed the personal information of 620,000 people. IntelBroker has also been associated with breaches at General Electric, Home Depot and the Chinese shopping platform PandaBuy.

The exposure of Zscaler’s test environment comes just weeks after the cybersecurity firm published a report claiming that it had blocked 2bn phishing transactions across its Zero Trust Exchange platform. Earlier this month, the firm’s chief executive Jay Chaudhry extolled the benefits of using machine intelligence to derive vital insights from this immense dataset. Whereas previously it would have taken days to amass information about vulnerabilities in critical systems, Chaudhry said in an interview with SiliconANGLE, AI makes it “available in a matter of seconds. So, identifying your attack surface, the starting point of attack, becomes easy.” 
