Fortinet, a leading cybersecurity firm, has confirmed a data breach impacting a limited number of its customers. As reported by BleepingComputer, a threat actor using the alias “Fortib**ch” claimed to have stolen 440GB of data from Fortinet’s Microsoft SharePoint server and posted the information on a hacking forum. The actor also shared credentials to an alleged S3 bucket containing the stolen files.
The perpetrator attempted to extort Fortinet, but the company refused to pay. While Fortinet has acknowledged the breach and contacted affected users, they haven’t disclosed the specific nature of the compromised data.
In a statement to BleepingComputer, Fortinet stated, “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers.” The company confirmed the breach primarily affected customers in the Asia-Pacific region, though the exact number of impacted users remains undisclosed. Fortinet assured that the incident has not disrupted its operations or services.
This isn’t Fortinet’s first encounter with security vulnerabilities. Between 2022 and 2023, Chinese hackers reportedly compromised approximately 20,000 Fortigate systems globally, exploiting a network weakness to inject malware, as per BleepingComputer.
Headquartered in Sunnyvale, California, Fortinet is a major player in the cybersecurity industry, offering a range of network security products including VPNs, routers, and firewalls. The company boasts a market valuation of nearly $60 billion.
This breach follows a recent trend of high-profile data security incidents. Earlier this week, payment gateway provider Slim CD reported the theft of 1.7 million users’ credit card information. The increasing frequency of such incidents underscores the ongoing challenges in maintaining robust cybersecurity measures.
Fortinet’s data breach serves as a stark reminder of the vulnerabilities even leading cybersecurity companies face. The incident highlights the importance of continuous vigilance and proactive security measures in protecting sensitive data in today’s interconnected world. Hopefully, Fortinet will soon provide more transparency regarding the scope and impact of this breach.
