Excerpt from BleepingComputer Article, Published on Sep 12, 2024.
Cybersecurity giant Fortinet has confirmed a data breach after a hacker claimed to have stolen 440GB of data from the company’s Microsoft SharePoint server. The hacker, known as “Fortibitch,” posted on a hacking forum, sharing credentials to an alleged S3 bucket where the stolen data is stored, making it accessible to other threat actors.
Fortinet, one of the largest cybersecurity firms, provides products such as firewalls, VPNs, and network management solutions. The company also offers services like consulting, EDR/XDR, and SIEM solutions. In a statement, Fortinet acknowledged the breach, confirming that customer data was stolen from a third-party cloud-based file drive. The company stressed that the breach affected a small portion of its customers. “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive,” Fortinet said, noting that it involved “limited data related to a small number of Fortinet customers.”
Although Fortinet has not specified the exact number of customers impacted or the type of data compromised, it has reportedly communicated with affected customers. Later, Fortinet revealed that the breach impacted less than 0.3% of its customer base and that there has been no malicious activity targeting customers as a result of the incident.
The company emphasized that the breach did not involve ransomware, data encryption, or access to its corporate network. Fortinet has yet to respond to further questions about the breach, which follows a separate incident in May 2023 involving a threat actor leaking data from Fortinet-acquired Panopta’s GitHub repositories.
To delve deeper into this topic, please read the full article on BleepingComputer