The hacker known as IntelBroker has claimed responsibility for breaching Hewlett Packard Enterprise (HPE), exposing sensitive data, including source code, certificates, and personally identifiable information (PII), now available for sale online. This incident was revealed in a conversation with Hackread.com and later announced on Breach Forums, a cybercrime forum the hacker administers.
IntelBroker claims breach of HPE, sensitive data exposed
IntelBroker, previously linked to numerous high-profile data breaches, stated that the breach resulted from a direct attack on HPE’s infrastructure, rather than through compromising a third party, which is common in other breaches. The hacker is reportedly demanding payment in Monero (XML) cryptocurrency to maintain anonymity.
The stolen data, according to IntelBroker, includes source code, private GitHub repositories, Docker builds, both private and public cryptographic certificates, user data related to old deliveries, and access to APIs and WePay. A data tree and two internal screenshots were shared, demonstrating what appears to be a development or system environment containing both open-source and proprietary assets.
Hackread.com’s analysis of the data tree revealed references to private keys and certificates, suggesting potential exposure of sensitive cryptographic material. Source code for HPE products like iLO and Zerto was identified, indicating leaked proprietary implementations. Further analysis uncovered files associated with private repository directories, along with .tar archives pointing to compromised development resources.
The screenshots provided insights into HPE’s internal systems, with one showcasing details of the SignonService web service, including endpoint addresses and WSDL links. The second screenshot disclosed sensitive configuration details, exposing credentials for Salesforce and QIDs integrations, as well as internal URLs, which may highlight serious security vulnerabilities within HPE’s infrastructure.
This breach marks a new incident for HPE, which previously encountered a cybersecurity incident in January 2024 when it disclosed to the SEC that state-sponsored Russian hackers breached its servers, targeting mailboxes of employees in critical functions.
IntelBroker has been associated with other significant breaches, including a reported attack on Cisco in October 2024, during which terabytes of data were stolen due to a misconfigured public-facing DevHub resource. The hacker also claimed to have breached Nokia and AMD, indicating a pattern of targeting large companies for sensitive data acquisition.
Featured image credit: HPE
