Fortinet, the third-largest cyber security firm in the world, confirmed on Thursday that it suffered a data breach after a hacker claimed unauthorized access to a third-party cloud-based file-sharing service used by the company, affecting a small number of its customers in the Asia-Pacific region.
Fortinet, a company based in Sunnyvale, California, develops and sells security solutions, such as firewalls, endpoint security, and intrusion detection systems.
Interestingly, a threat actor known as “Fortibitch” claimed on a hacking forum that they had stolen 440GB of files from the company’s Microsoft SharePoint server. The post contained the credentials to an alleged S3 bucket (a digital box to store files online) from which others could download the data. They added that they had even tried to extort Fortinet into paying a ransom, which the company refused to pay (via BleepingComputer).
“Fortinet has recently acquired Next DLP. FYI, DLP is Data Loss Prevention. They’ve also acquired Lacework, a cloud security company. Guess what? Their Azure Sharepoint got leaked. 440 GB of data available on my S3 bucket,” read the announcement published by Fortibitch on a cybercrime forum.
In response to the incident, Fortinet posted a Notice of Recent Security Incident on Thursday, which said that an individual had managed to gain unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive.
It also added that there is no indication that this incident has resulted in malicious activity affecting any customers.
The company added that Fortinet’s operations, products, and services remain unaffected, and no evidence of additional access to any other Fortinet resource has been identified.
Further, Fortinet also confirmed that the incident did not involve any data encryption, deployment of ransomware, or access to the company’s corporate network.
While Fortinet did not disclose what data had been compromised, it mentioned that only a small number (less than 0.3%) of Fortinet customers were affected by the data breach, and the company has communicated with them directly as appropriate.
“Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results,” the company wrote in the Notice.
“After identifying the incident, we immediately began an investigation, contained the incident by terminating the unauthorized individual’s access, and notified law enforcement and select cybersecurity agencies globally. A leading external forensics firm was engaged to validate our own forensics team’s findings.”
The company has also implemented additional internal processes to help prevent a similar incident from reoccurring, including improved account monitoring and threat detection measures.