Cisco Alerts Conference Attendees To Possible Database Hack
Was the attendee information of thousands of Cisco Live attendees accessed by a hacker? It appears that way, following an e-mail notice Cisco apparently sent Thursday to some Cisco Live attendees, indicating that an attempt was made at unauthorized access to the database on the final day of the conference.
Network World was first to report on the e-mail from Cisco, posting what appears to be a copy of the e-mail to its Cisco Subnet blog. The e-mail recipient, Pluto Networks CEO and Chairman Larry Chaffin, states in the blog post that he did not attend Cisco Live.
According to the text of the e-mail shown in the post, Cisco says that "on the final afternoon of Cisco Live, one of our vendors identified an unexpected attempt to access attendee information through ciscolive2010.com. The ability to access this information was quickly removed, but not before some conference listings were accessed.
"Cisco Live takes the security of attendee information very seriously and immediately elevated this matter to our chief security officer," the note continues. "His team completed a thorough review and as a result we believe your registration information -- specifically your Cisco Live badge number, name, title, company address and e-mail address -- was accessed. No other information was available or accessed."
Cisco continues: "Although these details are commonly accessed by our World of Solutions partners and often freely provided by Cisco Live attendees, we felt it was our responsibility to inform you as quickly as possible. As we cannot yet confirm the information was accessed by an authorized Cisco Live partner, we encourage you to consider the appropriate precautions to protect against any unwanted e-mail."
A solution provider reached by CRN Thursday afternoon said he had registered for and attended Cisco Live and had also received the same e-mail Thursday.
"It doesn't appear to be anything too serious, but I'm keeping an eye on it," said the solution provider, who requested his name not be used. "I'm not sure it's sensitive info that anyone couldn't have easily gotten anyway. But it's hard to tell what was accessed from what Cisco's said so far."
The note ends with an apology from Cisco for "any inconvenience that may result" and urges readers to contact Cisco at [email protected] with additional questions.
Kristin Carvell, Cisco legal affairs spokesperson, issued a statement late Thursday that said:
"Cisco has been made aware that some Cisco Live registration information may have been accessible to an outside party through the conference website. Our first priority is the security of our attendees, and we take their privacy very seriously. The ability to access this information was immediately removed, and the matter was elevated to Cisco’s chief security officer for immediate review. Our review showed that the name, title, affiliation, and email address of some Cisco Live attendees were exposed. We are currently reaching out to those individuals to keep them informed and offer our apologies for any inconvenience."