- Popular cybersecurity firm Fortinet has been hit by a cyber attack. 440 GB of data has been stolen.
- The attack was carried out by a hacker group named “Fortibitch”. The group tried to extort a ransom from the company and posted the data on a hacking forum when it failed.
- According to the company, less than 0.3% of its customers have been affected and there’s no material impact on business.
Fortinet, the cybersecurity giant, has confirmed that it has suffered a data breach.
The incident came to light on early September 12 when a threat actor posted on a hacking forum that he had stolen 440 GB of data from Fortinet’s Microsoft SharePoint server. The post also contained the credentials to a S3 bucket where the stolen data is stored and available for download.
The hacker group, which goes by the name “Fortibitch,” tried to extort a ransom from the company but, upon their refusal, published the data online.
What Does Fortinet Have to Say About This?
“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers.” – Fortinet in a statement
Initially, the company refused to divulge how many customers have been affected or what kind of data was stolen. However, later, through an update on its site, it revealed that less than 0.3% of its customers have been affected.
There’s no sign of targeted malicious activity towards them as of now, which is good. All impacted customers (which mostly includes customers from the Asia-Pacific region) have been notified about the incident.
Fortinet also confirmed that its product and services have not been impacted and there’s no sign of unauthorized access on any of its other products. There’s also no sign of data encryption, deployment of ransomware, or access to Fortinet’s corporate network.
Also, since the number of customers affected was quite small, there’s no material impact on the company’s finances or operation.
The company contacted the law enforcement agency immediately after the attack was discovered – the investigation is still underway. An external forensics team was also hired, in addition to Fortinet’s in-house forensic team, to ensure an incident like this never happens again.
About the Company
Fortinet is the third-largest cybersecurity firm in the US with a total valuation of $60 billion. Based in California, it’s known for providing firewalls and endpoint security to companies around the world.
This has been a difficult year for Fortinet so far. Prior to this incident, it faced three other small security lapses.
- The first one was in January, when two critical flaws were discovered in its FortiOS and FortiProxy HA cluster codes. The company patched them, but there’s no way to be sure if there was any exploitation before the patch.
- There were two more critical flaws and an issue with Fortinet’s operating system in February. Customers were slow to apply the fixes, as a result of which more than 100,000 devices were exposed online. During this time, China’s Volt Typhoon hacking group also began targeting Fortinet devices.
- Lastly, in June, Chinese hackers breached the Netherlands Ministry of Defense’s security using an unknown flaw. This flaw remained undetected for two months. At that time, around 20,000 additional FortiGate firewalls were compromised before the company finally became aware of the attacks.
Our Editorial Process
The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.
