News • September 2, 2025 • 3 mins

Zscaler Confirms Shocking Data Breach With Sensitive Customer Information Leaked

Aditya Santhanam
Founder and CTO, Infisign

As of September 1st, 2025, Zscaler, a major cloud security company, has confirmed a significant data breach. The notorious threat actor known as IntelBroker has claimed responsibility and has already leaked highly sensitive customer data on a dark web forum. 

The breach offers a disturbing look at the potential risks associated with even the most trusted security vendors, shaking confidence across the industry.

IntelBroker posted the data for sale and published a detailed proof-pack. This file included evidence that they had access to Zscaler’s internal systems. 

The actor said they had stolen SSL passkeys. They also claimed to have taken network policy information and administrator login details for some of Zscaler’s largest customers.

The stolen data was reportedly sold to a private buyer first. A part of it was later leaked to the public to show that the hack was real. Cybersecurity analysts are now working quickly to understand the full damage from the exposed information.

What This Breach Means for Vendor Trust

This event shows a very important weakness in modern security methods for businesses. When a main security vendor like Zscaler is breached, the effects spread widely. 

For years, experts have warned about the danger of having a single point of failure. This incident is a real and concerning example of that danger happening.

The breach is a disastrous event for the thousands of businesses that send all their network traffic through Zscaler, and it may even lead some of them to look into Zscaler alternatives.

It could give attackers a direct map into their internal networks. Security teams at the affected businesses must now assume their network settings and login details are exposed, and teams all over the world have started their emergency plans as a result. This situation weakens the basic idea of zero trust when the source of that trust is broken.

Who is IntelBroker?

IntelBroker is a known threat actor who is motivated by money, unlike groups that work for governments. They specialize in breaking into well-known technology and government organizations.

In their post, IntelBroker made fun of Zscaler's security practices. They said a company that sells security should be better at practicing it.

They pointed to the breach as a lesson in operational security mistakes.

Operational Details Exposed By The Hack:

  • Primary Motive: The actor’s post on the forum shows what they want: the data is for sale. Allegedly, IntelBroker sold it for $20,000 in cryptocurrency. This price means many other criminal groups can afford it.
  • Proof of Access: To prove their claims, IntelBroker leaked screenshots. These images were of Zscaler's internal support websites, customer support tickets, and system records that showed administrator access. This leak included lists of usernames and hashed passwords.

How to Stop Data Theft From Vendor Breaches?

Breaches at trusted vendors show that no single solution is perfect. Attackers will always find a way to get past outside security. 

To stop a vendor breach from becoming a disaster for the business, it is very important to have a security system that keeps your user identity and access rules separate from your network service.

This incident shows that good network security is not enough if the login details used to manage it can be stolen. 

No system is completely safe from a dedicated attacker using a trusted partner's weakness.

Software like Infisign lets you set up a system to defend user accounts from being misused.

  • It protects users with new passwordless sign-in methods. These methods greatly lessen the danger of stolen login details.
  • Also, a privileged access management (PAM) system makes sure that only specific people can access the most sensitive information. If an attacker gets into the network through a breached vendor, the PAM system blocks them from reaching important data and servers.

Ready to protect your company from cyber threats? Get in touch with the Infisign team for a free demonstration!

Aditya Santhanam
Founder and CTO, Infisign

Aditya is a seasoned technology visionary and the founder and CTO of Infisign. With a deep passion for cybersecurity and identity management, he has spearheaded the development of innovative solutions to address the evolving digital landscape. Aditya's expertise in building robust and scalable platforms has been instrumental in Infisign's success.
