Fortinet has confirmed a data breach that has allegedly compromised 440GB of Azure SharePoint files containing Fortinet customer data.
The company, in a Thursday blog, said it suffered a security breach that has compromised a “limited” number of customer files without involving any data encryption, deployment of ransomware, or access to Fortinet’s corporate network.
“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers,” Fortinet said.
Someone using the moniker “Fortibitch”, meanwhile, offered the stolen data for download on the dark web after Fortinet allegedly declined a ransom demand from them.
Fortinet assures minimal disruption
There has been no indication that the incident resulted in malicious activity affecting any customers, Fortinet said in the blog. “Fortinet’s operations, products, and services have not been impacted, and we have identified no evidence of additional access to any other Fortinet resource.”
Although the blog was posted hours after the alleged dumping of stolen data on the dark web, Fortinet said it immediately reached out to customers and helped them with risk mitigation plans.
“Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results,” the cybersecurity giant added. The company also said that it initiated an investigation and has now successfully terminated the unauthorized access.
Fortinet is yet to publicly confirm the type and size of data breached in the incident. Questions emailed to Fortinet regarding the validity of Fortibitch’s ransomware claims and additional details on the breach remained unanswered at the time of publication.
Failed negotiations
Fortibitch, in their claim on the dark web, said they were able to access Azure SharePoint data from an open Amazon S3 bucket and are now making it all public as Fortinet has declined their ransom demands.
The hacker, reportedly, has also shared the credentials to the open Amazon S3 bucket as a retaliatory step. They also called Fortinet out for not yet filing an SEC form 8-K detailing the loss from the incident, a fact Fortinet’s shareholders and customers may not like.
Several internet users praised Fortinet for not paying up, but that may yet change as additional details about the incident and the nature of the data compromised pour in. Fortinet has suffered multiple security incidents this year, including nation-state exploitation of critical N-day bugs.