Guest

Cisco Security

Incident Response Page: Data Exposure

Security Incident: Cisco Professional Careers Mobile Website

As part of Cisco’s commitment to trust and transparency, users of the Cisco Professional Careers mobile site were notified on November 2nd, 2016 about a situation that could potentially affect them. We recommend that affected users take precautionary steps noted below to protect their identity.

Cisco takes its responsibility to protect information seriously. We apologize for any inconvenience this incident may cause.

What Happened

An independent security researcher discovered that a limited set of job application-related information on Cisco’s Professional Careers mobile website was accessible (https://mjobs.cisco.com). Cisco’s investigation found this to be the result of an incorrect security setting following system maintenance on a third party’s website. Upon learning this, the setting was immediately corrected and user passwords to the site were reset.

Our combined investigation discovered that the incorrect settings were in place twice. The first time was from August 2015 to September 2015, and the second was from July 2016 to August 2016. At this time, based on our investigation, we do not believe that this information was accessed by anyone beyond the researcher who found and reported the issue. However, we are taking precautionary steps.

Cisco is requiring affected users to reset their password upon their next login to the mobile Professional Careers website by clicking “Forgot My Password.” Additionally, access to the site using security questions has been disabled.

Many people use the same passwords on multiple websites. As such, anyone who received notification should update/change login credentials, password and security questions, and answers for any other websites that use the same credentials and information as the Cisco Professional Careers mobile website.

We continue to investigate and monitor the incident. Steps are being taken to mitigate such incidents from occurring in the future. As additional information about this event becomes available, this page will be updated accordingly.

If affected users have questions or concerns, they can contact Cisco at cisco-data-incident@cisco.com.

Revision History

 

Date

Description

September 10, 2018 Moved content to a new URL.
November 2, 2016 Initial public release.