Fortinet customer data exposed through third-party cloud storage

Hanno Labuschagne


The cybersecurity firm Fortinet Inc. said Thursday that someone had broken into a “limited” number of files that contained information related to some of its customers.

The Sunnyvale, California-based company, which sells network security solutions, said it has communicated directly with its customers on the matter.

[Bloomberg]
 
So it was a limited number of customers. Just a few. Not many. Not as many as other breaches. Ours was just a limited few. Not too many.
 
These statements always include the word "limited". Of course it was limited, they do not have an infinite number of files.
 
"The cybersecurity firm Fortinet Inc"

Obviously great at their core business...
 
“An individual gained unauthorised access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers,” Fortinet said in an emailed statement.

Why not mention the third-party by name? Odd to give them protection, when they who share the data are also exposed, no?

Whenever there is a data breach, the oddest explanations are provided. The above isn't all transparent.

Now I am curious, at which 'access point' was unauthorised access gained? Is it Fortinet or a third party that was compromised, or is this yet another incident where a node was vulnerable due to direct access?
 

Fortinet Data Breach Impacts Customer Information


Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

Fortinet on Thursday confirmed suffering a data breach impacting customers after a hacker leaked files allegedly belonging to the cybersecurity company.

The hacker, who uses the online moniker ‘Fortibitch’, made the announcement on a popular hacking forum and claimed that the data — 440 Gb in total — came from an Azure Sharepoint instance.

The threat actor indicated that the decision to make the stolen data available came after Fortinet refused to pay a ransom.

The hacker has shared information for accessing an AWS S3 bucket that allegedly stores the data, but SecurityWeek has not attempted to access it. Several users of the hacker forum complained about not being able to gain access to the files.

Shortly after the hacker posted the information for obtaining the data, Fortinet issued a security incident notice, confirming that “an individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive”.

The cybersecurity giant said the compromised data included limited information related to less than 0.3% of its customers.

OK, the third-party is Amazon AWS. Someone at Fortinet's side was negligent or malicious.
 

Notice of Recent Security Incident

Protecting the security of our customers and safeguarding our data and the integrity of our business operations is at the forefront of everything we do. We would like to share information about a recent security incident involving Fortinet and our response to-date.

An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers. To be clear:
  • To-date there is no indication that this incident has resulted in malicious activity affecting any customers.
  • Fortinet’s operations, products, and services have not been impacted, and we have identified no evidence of additional access to any other Fortinet resource.
  • The incident did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network.
  • Fortinet immediately executed on a plan to protect customers and communicated directly with customers as appropriate and supported their risk mitigation plans.
  • Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results.
After identifying the incident, we immediately began an investigation, contained the incident by terminating the unauthorized individual’s access, and notified law enforcement and select cybersecurity agencies globally. A leading external forensics firm was engaged to validate our own forensics team’s findings. Moreover, we have put additional internal processes in place to help prevent a similar incident from reoccurring, including enhanced account monitoring and threat detection measures.

I won't be surprised if this was a possible act by a disgruntled employee.
 