Fortinet suffers a databreach

Fortinet suffers a databreach


A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online.

A threat actor goes by an alias “Fortibitch” has claimed responsibility for leaking 440 GB of data belonging to Fortinet. The stolen data is now accessible for download via an Amazon S3 bucket, with details of the breach and access credentials shared on the popular underground forum, Breach Forum.

Advertisements

The breach dubbed as Fortileak by the hacker that allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. The full scope of the compromised data remains unclear, though the hacker emphasized that the breach involves Fortinet’s cloud infrastructure.

As per the Fortinet statement, An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate. To date, there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted.

This is not the first time Fortinet has faced a cyber incident. Last year, Chinese hackers were reported to be exploiting a zero-day vulnerability in the company’s products. In another instance, hackers were found to exploit a vulnerability in FortiOS to compromise organizations and customers.

Advertisements

Fortinet detailed the incident, which only affected less than 0.3% of its customers. The company assured that there was no evidence of malicious activity or any impact on its operations, products, or services, and no ransomware was involved.

Fortinet says it acted swiftly by investigating the breach, terminating the unauthorized access, and notifying law enforcement and cybersecurity agencies. Fortinet has since enhanced its internal security measures, including improved account monitoring and threat detection, to prevent future incidents. Fortinet emphasized that the breach is unlikely to have a material impact on its financial performance.

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.