Security breach hits Cisco users

Cisco's Web portal has been compromised, although the cause of the incident is unknown.

Cisco customers received emails on Tuesday from the networking equipment company advising them of a security breach.

And the company admitted the Cisco.com Web portal has been compromised and that customers need to change their passwords.

Cisco said: "It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users.

"As a result, to protect our registered Cisco.com users, we're taking the proactive step of resetting Cisco.com passwords. Needless to say we're investigating the incident which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."

The company also stressed on its Web site that the incident appears unrelated to flaws in Cisco products.

Security experts, however, are unsure as hackers around the world have been racing to find a vulnerability in Cisco equipment since it was described by security researcher Michael Lynn at the Black Hat conference last week. Cisco and Lynn's former employer, ISS, have taken legal action against the researcher following the presentation.

One industry source said: "I think this has the possibility of having a significant impact on corporations and the intellectual property of Cisco."

But others disagree. Michael Maddison, director of enterprise risk services for Deloitte, said: "I think it's more likely to be a vulnerability in Web applications than Cisco equipment. That's my opinion — we see vulnerabilities in Web pages all the time."