Fortinet confirms data breach after hacker claims to steal 440GB of files

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server.

Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services.

Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download.

BleepingComputer has not accessed this storage bucket to confirm if it contains Fortinet's stolen files.

The threat actor, known as "Fortibitch," claims to have tried to extort Fortinet into paying a ransom, likely to prevent the publishing of data, but the company refused to pay.

In response to our questions about incident, Fortinet confirmed that customer data was stolen from a "third-party cloud-based shared file drive."

"An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers," the company told BleepingComputer.

Earlier today, Fortinet did not disclose how many customers are impacted or what kind of data has been compromised but said that it "communicated directly with customers as appropriate."

A later update shared on Fortinet's website says that the incident affected less than 0.3% of its customer base and that it has not resulted in any malicious activity targeting customers.

The cybersecurity company also confirmed that the incident did not involve any data encryption, ransomware, or access to Fortinet's corporate network.

BleepingComputer contacted Fortinet with additional questions about the breach but has not received a reply at this time.

In May 2023, a threat actor claimed to have breached the GitHub repositories for the company Panopta, who was acquired by Fortinet in 2020, and leaked stolen data on a Russian-speaking hacking forum.

Update 9/12/24: Added updated information Fortinet.