Fortinet confirms data breach after hacker releases 440 GB of data

A recent cyber breach has rocked Fortinet, a cybersecurity firm based in Sunnyvale, California, as a hacker going by the alias "Fortibitch" has claimed responsibility for stealing a staggering 440 GB of data. The breach, which has been dubbed "Fortileak," is said to have originated from an Azure SharePoint vulnerability within Fortinet’s infrastructure. The hacker shared access credentials for the stolen data on the underground forum BreachForums and made the data available for download via an Amazon S3 bucket.

According to the hacker, Fortinet’s Azure SharePoint was compromised, allowing for the extraction of this extensive data cache. The hacker highlighted Fortinet’s recent acquisitions, including the DLP firm Next DLP and the cloud security company Lacework, as potential entry points for the breach. While the full breadth of the compromised data remains unclear, it is evident that Fortinet’s cloud infrastructure has been compromised in this attack.

In a surprising turn of events, the hacker claimed that Fortinet’s CEO, Ken Xie, walked away from ransom negotiations, allegedly stating that he would "rather eat some p**p than pay ransom." The hacker also criticized the company for not filing an SEC 8-K form, a required document for public companies to disclose major incidents. The forum post contained various taunts and shout-outs, showcasing the hacker’s bold and unapologetic approach to the attack.

Fortinet responded to the breach by confirming that an unauthorized individual had accessed a limited number of files stored on a third-party cloud-based shared file drive. These files contained data related to a small subset of Fortinet customers. The company assured stakeholders that there was no evidence of malicious activity affecting customers and that their operations, products, and services remained intact. Fortinet has been in direct communication with affected customers and continues to monitor the situation closely.

This incident is not the first time Fortinet has faced cybersecurity challenges, as previous reports have highlighted vulnerabilities in their products and operating systems. The full ramifications of this breach are still under investigation, raising concerns about the potential malicious use of the stolen data and the evolving nature of ransom negotiations.

As the story develops, customers and cybersecurity professionals will be closely observing the fallout from this breach. Fortinet has since published a blog post addressing the incident, reassuring customers that less than 0.3% of its customers were affected and that no evidence of malicious activity or ransomware was found. The company has taken immediate steps to enhance security measures and prevent future breaches, emphasizing that the incident is unlikely to impact its financial performance significantly.

Overall, the Fortinet breach serves as a stark reminder of the persistent threats facing cybersecurity firms and the critical importance of robust security measures in safeguarding sensitive data. Customers and stakeholders will continue to monitor the situation as Fortinet navigates the aftermath of this cyber attack.
