Zscaler shuts down supposed test environment after claims of breach

Zscaler recently took down a "test environment" following rumors suggesting a breach. On May 8th, 2024, Zscaler reported that an exposed test environment was identified and subsequently taken offline for detailed analysis. This action followed reports of a threat actor IntelBroker allegedly selling access to Zscaler's systems.

On their trust page, Zscaler claims no evidence of breaches in its customer or production environments.

UPDATE [Wed, 08 May 2024 23:09:00 UTC] - Zscaler can confirm there is no impact or compromise to its customer, production and corporate environments.

Zscaler has confirmed the discovery of an isolated test environment exposed online, which was not hosted on Zscaler infrastructure and had no connection to their core environments. The test environment was promptly taken offline for forensic examination.

No details are available about the nature of the breach.

IntelBroker is allegedly selling access to a major cybersecurity firm's systems, describing the access as including:

• Confidential logs with credentials,
• SMTP Access,
• PAuth Pointer Auth Access,
• SSL Passkeys,
• SSL Certificates.

While IntelBroker did not explicitly name the company, a screenshot shared on the Breach Forums linked Zscaler to the alleged breach.