
Fortinet confirms data breach after hackers leaked 440 GB of data

A hacker claims to have stolen 440GB of data from cybersecurity firm Fortinet by exploiting a vulnerability in Azure SharePoint. The data theft, dubbed “Fortileak,” was revealed in a forum with credentials shared online.

A hacker using the alias “Fortibitch” has claimed responsibility for the theft of 440GB of data belonging to Fortinet, the well-known cybersecurity company based in Sunnyvale, California. The hacker stated that the stolen data can now be downloaded via an Amazon S3 bucket. Details of the theft and the access credentials were shared on the popular underground forum Breach Forums.

The Breach: Fortileak

The hacker claims that the breach, dubbed “Fortileak,” was due to a vulnerability in Fortinet's Azure SharePoint instance. In the forum post, the hacker referenced Fortinet's recent acquisitions, including data loss prevention (DLP) company Next DLP and cloud security company Lacework. They then claimed that Fortinet's Azure SharePoint had been compromised, allowing the extraction of the extensive data cache.

The full extent of the compromised data remains unclear, although the hacker stressed that the breach affected Fortinet's cloud infrastructure. The hacker provided the following credentials to access the allegedly stolen data:

Screenshot: Hackread.com

Ransom demands and failed negotiations

In another twist, the hacker claimed that Fortinet's CEO Ken Xie had broken off ransom negotiations. In the forum post, the hacker mocked Xie, claiming that the CEO refused to engage and stating that he would “rather eat some crap than pay ransom.” The hacker also questioned why Fortinet had not filed an SEC Form 8-K, a document that publicly traded companies are required to file to disclose major incidents.

The post also contained a mixture of taunts and insults towards other individuals or groups, which seemed to underline the hacker's brazen attitude towards the attack and its aftermath.

Fortinet’s response

Hackread.com has reached out to Fortinet for an official comment on the data breach. A company spokesperson confirmed that an unauthorized individual gained access to a limited number of files stored on a third-party cloud-based shared file drive. These files contained data related to a “small” subset of Fortinet customers.

In their statement to Hackread.com, Fortinet assured stakeholders that there was no evidence of malicious activity affecting its customers. They stressed that the company's operations, products, and services were not affected by the breach. Fortinet stated that they had already communicated directly with the affected customers and would continue to closely monitor the situation.

“An individual gained unauthorized access to a limited number of files stored on Fortinet's instance of a third-party cloud-based shared file drive. This included limited data from a small number of Fortinet customers. We have communicated directly with customers as needed. To date, there is no indication that this incident resulted in malicious activity affecting customers. Fortinet's operations, products, or services were not impacted.”

Fortinet spokesperson

This is not the first time Fortinet has faced a cybersecurity incident. Last year, it was reported that Chinese hackers exploited a zero-day vulnerability in the company's products. In another case, hackers were found to have exploited a vulnerability in FortiOS, the operating system for Fortinet's security devices, to compromise organizations and customers.

However, the full extent of the breach is still under investigation, and it is unclear whether the allegedly stolen data will be used for malicious purposes or whether there will be further developments in the ransom negotiations. As more information emerges, both customers and cybersecurity experts will be closely monitoring the impact of this incident.
