Cybersecurity big Fortinet has confirmed it suffered a knowledge breach after a risk actor claimed to steal 440GB of recordsdata from the corporate’s Microsoft Sharepoint server.
Fortinet is among the largest cybersecurity firms on this planet, promoting safe networking merchandise like firewalls, routers, and VPN units. The corporate additionally presents SIEM, community administration, and EDR/XDR options, in addition to consulting providers.
Early this morning, a risk actor posted to a hacking discussion board that they’d stolen 440GB of information from Fortinet’s Azure Sharepoint occasion. The risk actor then shared credentials to an alleged S3 bucket the place the stolen knowledge is saved for different risk actors to obtain.
BleepingComputer has not accessed this storage bucket to verify if it incorporates Fortinet’s stolen recordsdata.
The risk actor, often known as “Fortibitch,” claims to have tried to extort Fortinet into paying a ransom, more likely to stop the publishing of information, however the firm refused to pay.
In response to our questions on incident, Fortinet confirmed that buyer knowledge was stolen from a “third-party cloud-based shared file drive.”
“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers,” the corporate advised BleepingComputer.
Fortinet didn’t disclose what number of clients are impacted or what sort of knowledge has been compromised however mentioned that it “communicated directly with customers as appropriate.”
BleepingComputer contacted Fortinet with further questions concerning the breach however has not acquired a reply presently.
In Could 2023, a risk actor claimed to have breached the GitHub repositories for the corporate Panopta, who was acquired by Fortinet in 2020, and leaked stolen knowledge on a Russian-speaking hacking discussion board.