Fortinet has confirmed a data breach affecting a limited number of its customers, after an unauthorized party gained access to data stored on a third-party cloud platform. The breach was publicized by a hacker identified as "Fortibitch," who leaked 440GB of customer information on BreachForums this week.
The hacker claimed to have acquired the sensitive data from an Azure SharePoint site. They alleged that the data was released only after Fortinet refused to engage in ransom negotiations. This incident serves as a stark reminder for organizations about the critical need to secure their data, particularly in Software as a Service (SaaS) and cloud environments.
In an advisory released on September 12, Fortinet clarified, "Someone had gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party, cloud-based shared file drive." The company emphasized that the breach affected less than 0.3% of its customer base, which translates to approximately 2,325 organizations given its total of over 775,000 clients worldwide.

Impact and Legacy
“In response to this incident, Fortinet immediately executed on a plan to protect customers and communicated directly with customers as appropriate and supported their risk mitigation plans,” the company stated. Crucially, Fortinet reported that there were no signs of malicious activity associated with the compromised data, asserting that the incident did not involve data encryption, ransomware deployment, or access to Fortinet’s corporate network. They also indicated that they do not anticipate any significant impact on their operations or finances.
Cybersecurity researchers at CloudSEK added an important perspective. They noted that the threat actor using the "Fortibitch" pseudonym leaked not just customer information but also a range of additional documents, including financial and marketing data, HR information from India, and employee data.
"The actor attempted to extort the company but, after unsuccessful negotiations, released the data," CloudSEK reported. This insight suggests that the hacker might have initially intended to sell the data if it had been more valuable.
Fortinet has not confirmed whether the hacker attempted to communicate with them directly regarding the ransom demand. Nonetheless, the security vendor’s swift response underscores a proactive approach in managing customer risk amid such incidents.

This breach highlights the vulnerabilities present in cloud-based resources, reinforcing the ongoing discussions about cybersecurity diligence among businesses. Organizations are urged to scrutinize and enhance their security measures related to third-party services, as reliance on these platforms continues to grow.
As companies increasingly depend on cloud environments for storing sensitive information, the importance of strong security practices cannot be overstated. This incident with Fortinet serves as a critical reminder of the repercussions that may arise from inadequately secured third-party data handling.

