Company claims only a limited number of files were stored in an S3 bucket.
Fortinet has said it experienced a “recent security incident” which may have seen 440 GB of data stolen and exposed.
In a statement, the company said an individual gained unauthorised access to a limited number of files stored on Fortinet’s third-party cloud-based shared file drive.
This drive contained limited data related to a less than 0.3 percent of Fortinet customers, and the company’s investigation found no indication that this incident has resulted in malicious activity affecting any customers, or impact on Fortinet’s operations, products, and services.
The company also dismissed any use of ransomware, or ‘data encryption’, and upon discovery of the incident it “immediately executed on a plan to protect customers and communicated directly with customers as appropriate and supported their risk mitigation plans.”
‘Fortibitch’
However a threat actor naming themselves "Fortibitch" posted on a hacking forum a claim that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance.
According to Bleeping Computer, the shared credentials were shared to a S3 bucket for other threat actors to download.
The threat actor also claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.