Cybersecurity firm Fortinet has acknowledged that unauthorized user data was extracted from its Microsoft SharePoint server and subsequently appeared on a hacking forum earlier today. Reports from BleepingComputer reveal that the hacker, known as "Fortib**ch," shared login credentials linked to an alleged S3 bucket, suggesting that the data volume may be as high as 440GB.
In an attempt to blackmail Fortinet, the hacker demanded a ransom; however, the company declined to pay. While Fortinet has already reached out to the affected users, details regarding the specific nature of the compromised data remain undisclosed.
The company stated in response to inquiries that an individual accessed a limited number of files on Fortinet’s cloud-based shared file storage, which contained restricted information pertaining to a small group of its customers. As of now, Fortinet has not provided a specific number of users impacted by this breach, although it confirmed that those in the Asia-Pacific region were affected. Fortunately, the breach did not disrupt the company’s operations, and services continue to function normally.
It’s anticipated that Fortinet will provide further details on the breach’s impact soon. This incident marks yet another security challenge for the company, which had previously experienced a significant breach involving Chinese hackers who allegedly compromised around 20,000 Fortigate systems globally, introducing malware into vulnerable networks during 2022 and 2023.
Based in Sunnyvale, California, Fortinet specializes in secure networking technologies, including VPN services, routers, and firewalls, boasting a valuation nearing $60 billion. This breach is part of a broader trend of data security incidents, with a recent report highlighting that 1.7 million users had their credit card information stolen from payment gateway provider Slim CD.