CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Security

Cisco warns customers of site breach

Company sends e-mails to site's users and advises people to change their passwords.

Cisco Systems' customers received e-mails Wednesday from the networking company advising them of a security breach of its Web site.

The company said Cisco.com has been compromised and that customers need to change their passwords.

"It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users," the company warned.

"As a result, to protect our registered Cisco.com users, we're taking the proactive step of resetting Cisco.com passwords. Needless to say, we're investigating the incident, which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."

The company also stressed on its site that the incident appears unrelated to flaws in Cisco products.

Hackers around the world have been racing to find a vulnerability in Cisco equipment since it was described by security researcher Michael Lynn at the Black Hat conference in Las Vegas last week. Cisco and Lynn's former employer, Internet Security Systems, took legal action against the researcher following the presentation.

Cisco said the vulnerability was brought to the company's attention by a third-party security research organization and that no personal customer information had been compromised.

"We would like to thank them for contacting us so we could take appropriate action to protect our customers, partners and employees," a company representative said. "Cisco Systems is investigating the incident, and will work with outside agencies as appropriate."

Regarding the breach, one industry watcher said: "I think this has the possibility of having a significant impact on corporations and the intellectual property of Cisco."

But others disagree. Michael Maddison, director of enterprise risk services at Deloitte Touche Tohmatsu, said that "it's more likely to be a vulnerability in Web applications than Cisco equipment. That's my opinion--we see vulnerabilities in Web pages all the time."

Dan Ilett of Silicon.com reported from London. CNET News.com's Marguerite Reardon contributed to this report.