A data breach has been confirmed by cybersecurity firm Fortinet where user data was taken from its Microsoft Sharepoint server and posted to a hacking forum, as reported by BleepingComputer.
The threat actor known as “Fortib**ch” shared credentials to an alleged S3 bucket containing 440GB of data for download. Despite attempts to extort money from Fortinet, the cybersecurity company refused to pay. While Fortinet has informed affected users about the breach, the specific data taken by the threat actor has not been revealed.
In response to inquiries by BleepingComputer, the cybersecurity company stated, “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers.”
The extent of the impact on users has not been confirmed yet, but it is known that users in the Asia-Pacific region were affected. Despite the breach, operations at the company remain unaffected and services continue to run smoothly.
It is hoped that more details about the breach will be released soon. This incident is not the first for Fortinet, as Chinese hackers were reported to have breached 20,000 protected systems globally over a period between 2022 and 2023 to inject malware into vulnerable networks.
Based in Sunnyvale, California, Fortinet is a leading provider of secure networking products including VPN services, routers, and firewalls. It is valued at nearly $60 billion and is a key player in the cybersecurity industry.
This breach is just one of several data breaches recently reported. Earlier in the week, credit card information from 1.7 million users was stolen from payment gateway provider Slim CD.
