The company has said it didn't suffer a breach, but announced a threat actor downloaded data on a public-facing DevHub environment.