A hacker claims to have stolen 440 GB of files from one of the world’s largest security companies. Fortinet confirmed that it was the victim of a data breach that affected less than 0.3 percent of its customer base.
According to the hacker, who calls himself “Fortibitch,” Fortinet declined to pay a ransom. However, no ransomware was installed during the incident, the security company said, and the hacker did not have access to the company network. Fortibitch’s demand is therefore more like a threat that hackers often use: pay up, or we’ll make the stolen data public.
The latter happened last Thursday. Fortibitch posted a message on an underground forum offering the 440 GB of data for download. This data contained customer information, although the exact details of the data breach are not fully known.
Data shared publicly
On one side is the hacker’s story. Fortibitch claims to have stolen the data via access to Fortinet’s SharePoint server. He also shared the login credentials to an S3 bucket, which stores potentially sensitive data of Fortinet customers. In addition, he questions why Fortinet did not notify the U.S. stock market watchdog about the breach, which is mandatory for publicly traded companies.
Fortinet responded: “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers.”
The security company sees no further evidence that the incident led to malicious activity toward customers. Nor were Fortinet’s operations, products and services affected.