Fortinet, the third-largest cyber security firm in the world, confirmed on Thursday that they suffered a data breach after a hacker claimed unauthorized access to a third-party cloud-based file-sharing service used by the company, affecting a small number of its customers in the Asia-Pacific region.
Fortinet, a company based in Sunnyvale, California, develops and sells security solutions, such as firewalls, endpoint security, and intrusion detection systems.
Interestingly, a threat actor known as “Fortibitch” claimed on a hacking forum that they had stolen 440GB of files from the company’s Microsoft SharePoint server. This contained the credentials to an alleged S3 bucket (a digital box to store files online) for others to download. They added that they even tried to extort Fortinet into paying a ransom, which the company refused to pay (via BleepingComputer).
“Fortinet has recently acquired Next DLP. FYI, DLP is Data Loss Prevention. They’ve also acquired Lacework, a cloud security company. Guess what? Their Azure Sharepoint got leaked. 440 GB of data available on my S3 bucket,” read the announcement published by Fortibitch on a cybercrime forum.
In response to the incident, Fortinet posted a Notice of Recent Security Incident on Thursday, which said that an individual had managed to gain unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive.
It also added that there is no indication that this incident has resulted in malicious activity affecting any customers.
The company added that Fortinet’s operations, products, and services remain unaffected, and no evidence of additional access to any other Fortinet resource has been identified.
Further, Fortinet also confirmed that the incident did not involve any data encryption, deployment of ransomware, or access to the company’s corporate network.
While Fortinet did not disclose what data had been compromised, it mentioned that only a small number (less than 0.3%) of Fortinet customers were affected by the data breach, and the company has communicated with them directly as appropriate.
“Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results,” the company wrote in the Notice.
“After identifying the incident, we immediately began an investigation, contained the incident by terminating the unauthorized individual’s access, and notified law enforcement and select cybersecurity agencies globally. A leading external forensics firm was engaged to validate our own forensics team’s findings.”
The company has also implemented additional internal processes to help prevent a similar incident from reoccurring, including improved account monitoring and threat detection measures.