Zscaler Shoots Down Rumors, Confirms ‘No Impact’ From Exposed Test Environment

The cybersecurity vendor released a statement Wednesday after a threat actor claimed to have stolen data from a well-known security company.

Zscaler released a statement Wednesday saying it “can confirm there is no impact or compromise” to its customer or corporate systems, after a threat actor claimed to have stolen data from a major cybersecurity company.

The cybersecurity vendor said that its investigation found only that an “isolated test environment” — which did not contain customer data — had been exposed to the internet.

The threat actor, IntelBroker, claimed in a forum post that it would sell access to “one of the largest cyber security companies,” according to a screengrab shared on X. BleepingComputer reported that the threat actor elsewhere had identified Zscaler as the company in question.

Zscaler said in its initial statement Wednesday that it was investigating after a post was shared on X by a threat actor, claiming to “have potentially obtained unauthorized information from a cybersecurity company.”

In a later update to the statement Wednesday, Zscaler said it can dispel the rumors started by the threat actor.

“Zscaler can confirm there is no impact or compromise to its customer, production and corporate environments,” the company said in the statement.

“Our investigation discovered an isolated test environment on a single server (without any customer data) which was exposed to the internet,” Zscaler said. “The test environment was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments.”

The test environment “was taken offline for forensic analysis,” the company added.