Fortinet Hit by Data Breach: Hacker Steals 440GB of Sensitive Files

Fortinet, a global cybersecurity leader, has confirmed a significant data breach following claims by a hacker who alleged the theft of 440GB of files from the company's Microsoft SharePoint server. The breach was disclosed after the threat actor, known as “Fortibitch,” posted details of the stolen data on a hacking forum.

  • Nature of the Breach: The breach reportedly involved unauthorized access to Fortinet’s Azure SharePoint instance, where 440GB of files were stolen. The attacker shared credentials to an S3 bucket where the stolen data was stored, making it available to other cybercriminals.
  • Failed Ransom Demand: The hacker claimed to have attempted to extort Fortinet into paying a ransom to prevent the data from being leaked, but Fortinet refused the demand. There has been no indication that Fortinet paid or negotiated with the attacker.
  • Customer Data Impacted: Fortinet confirmed that the incident involved customer data stored on a third-party cloud-based shared file drive. While the company has not disclosed the specific nature of the data stolen, it stated that less than 0.3% of its customer base was affected.
  • No Malicious Activity Detected: Fortinet reassured customers that the breach has not resulted in any malicious activity targeting customers, and there was no involvement of ransomware or data encryption. Additionally, the company's corporate network was not breached during the attack.
  • Previous Incident: This breach comes months after another incident in May 2023, when a threat actor claimed to have breached the GitHub repositories of Panopta, a company acquired by Fortinet in 2020, and leaked stolen data on a Russian-speaking hacking forum.

In light of this breach, Net Protector Cyber Security advises businesses to take the following actions to secure their own systems and data:

  1. Use Endpoint Security Solutions: Deploy NPAV Endpoint Security to protect your systems from data breaches, unauthorized access, and malware attacks.
  2. Review Cloud Security: Ensure that cloud-based services such as SharePoint are properly secured with multi-factor authentication (MFA) and regular security audits.
  3. Monitor and Detect Threats: Implement Network Intrusion Detection Systems (NIDS) and Intrusion Prevention Systems (IPS) to monitor for suspicious activities and protect against unauthorized access.
  4. Perform Data Encryption: Encrypt sensitive data both in transit and at rest to minimize the risk of exposure in the event of a breach.
  5. Update Incident Response Plans: Regularly update your incident response and disaster recovery plans to quickly mitigate any damage caused by breaches.
  6. Educate Employees: Conduct ongoing cybersecurity training so that employees recognize phishing attempts and credential theft schemes and follow data handling protocols.

Net Protector Cyber Security continues to monitor the ongoing Fortinet breach for new developments and recommends that businesses remain vigilant in their cybersecurity practices.