Zscaler Investigating Data Breach After Hacker Claims Access for Sale

Zscaler Inc., a cybersecurity company, is investigating a possible data breach after a well-known hacker claimed to be selling access to the company’s systems and data.

On Wednesday, a threat actor, “IntelBroker,” posted on a dark web forum offering to sell access to a cybersecurity company with $1.8 billion in revenue, which matches Zscaler’s profile. The hacker claimed the access includes “confidential and highly critical logs packed with credentials,” SMTP access, SSL certificates, and other sensitive data. The asking price was $20,000 in cryptocurrency.

In response, Zscaler posted a statement on its trust portal saying it has launched an investigation but has not found evidence of a breach.


“We take every potential threat and claim very seriously and will continue our rigorous investigation,” the company said. “Zscaler’s priority is our customer and production environment and we have not discovered any evidence of incident or compromise to these environments. We are continuing our investigation and closely monitoring the situation.”

The company later provided an update stating that it discovered an “isolated test environment on a single server (without any customer data) which was exposed to the internet.” Zscaler said this test environment was taken offline for forensic analysis but reiterated that no company, customer, or production systems were impacted.

IntelBroker has been linked to several high-profile data breaches in the past year, including hacks of DC Health Link, Acuity, Home Depot, and the Los Angeles International Airport. The hacker’s true identity is unknown.

Zscaler is one of the largest cloud security providers, serving over 6,000 customers globally. The company’s stock price fell over 4% in trading on Wednesday following the breach claims.

The potential breach highlights the ongoing threats facing even the most prominent cybersecurity firms. As the investigation continues, Zscaler customers will be watching closely for any signs that their data has been compromised.

The incident also underscores the importance of isolating test environments from production systems to limit the blast radius of any successful intrusion.

Zscaler said further updates will be provided as the investigation progresses. In the meantime, the company has not confirmed the authenticity of IntelBroker’s claims or whether a transaction for the alleged access has occurred.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.