Fortinet confirms data breach after hacker claims to steal 440GB of files
pMicrosoft rereleases Exchange updates after fixing mail deliveryppSpyLoan Android malware on Google play installed 8 million timesppNew Windows Server 2012 zeroday gets free unofficial patchesppTor needs 200 new WebTunnel bridges to fight censorshipppMozilla really wants you to easily set Firefox as default Windows browserppIts only 50 to train for these CompTIA exams in this course dealppGoogle Chromes AI feature lets you quickly check website trustworthinessppNovel phising campaign uses corrupted Word documents to evade securityppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppCybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the companys Microsoft Sharepoint serverppFortinet is one of the largest cybersecurity companies in the world selling secure networking products like firewalls routers and VPN devices The company also offers SIEM network management and EDRXDR solutions as well as consulting servicesppEarly this morning a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinets Azure Sharepoint instance The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to downloadppBleepingComputer has not accessed this storage bucket to confirm if it contains Fortinets stolen filesppThe threat actor known as Fortibitch claims to have tried to extort Fortinet into paying a ransom likely to prevent the publishing of data but the company refused to payppIn response to our questions about incident Fortinet confirmed that customer data was stolen from a thirdparty cloudbased shared file driveppAn individual gained unauthorized access to a limited number of files stored on Fortinets instance of a thirdparty cloudbased shared file drive which included limited data related to a small number of Fortinet customers the company told BleepingComputerppEarlier today Fortinet did not disclose how many customers are impacted or what kind of data has been compromised but said that it communicated directly with customers as appropriateppA later update shared on Fortinets website says that the incident affected less than 03 of its customer base and that it has not resulted in any malicious activity targeting customersppThe cybersecurity company also confirmed that the incident did not involve any data encryption ransomware or access to Fortinets corporate networkppBleepingComputer contacted Fortinet with additional questions about the breach but has not received a reply at this timeppIn May 2023 a threat actor claimed to have breached the GitHub repositories for the company Panopta who was acquired by Fortinet in 2020 and leaked stolen data on a Russianspeaking hacking forumppUpdate 91224 Added updated information FortinetppHacker gets 10 years in prison for extorting US healthcare providerppUS indicts Snowflake hackers who extorted 25 million from 3 victimsppCisco says DevHub site leak wont enable future breachesppInterbank confirms data breach following failed extortion data leakppCisco takes DevHub portal offline after hacker publishes stolen datappAnother credential hack huh
but the company refused to pay GoodppInteresting name for a hacker Wonder if they thought about just using any one of the vulnerabilities on Fortinet firewalls insteadppyeah
Ill bet he asked for 40mio ransom ppAs I was reading the article I was served an ad telling me that my house smells like cat pee Its time to turn my blocker back onppFortinet confirmed that customer data was stolen from a thirdparty cloudbased shared file drive
Third party that Fortinet purchased and is responsible for managing access to on their Sharepoint instance It is like deflecting the blame to an operator of storage space for theft because the tenant lost track of who has copies of the keys to the lockerppThats to say their corporate network wasnt breached but a cloudbased solution separated from their internal networkppYes but in this day and age if most of a companies data is hosted on the cloud who cares about their internal network anyway besides Fortinet All the juicy stuff is on the cloud To the one whose data was compromised what console is there in hearing that the compromise was not on Fortinents internal network And that is not even taking SSO into consideration and it is possible that those SharePoint credentials could be used across different services across Azure
And for customers Fortinet they really dont care if the breach was on premise or the cloud their data was breachedppNot a member yet Register NowppNew Windows Server 2012 zeroday gets free unofficial patchesppNew Rockstar 2FA phishing service targets Microsoft 365 accountsppSpyLoan Android malware on Google play installed 8 million timesppThe Actual Cost of Forgotten PasswordsppHow to leverage 200 million FCC program boosting K12 cybersecurityppSolving the painful password problem with better policiesppCynet delivers 426 ROI in Forrester Total Economic Impact StudyppWhy Cybersecurity Leaders Trust the MITRE ATTCK EvaluationsppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2024 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp
but the company refused to pay GoodppInteresting name for a hacker Wonder if they thought about just using any one of the vulnerabilities on Fortinet firewalls insteadppyeah
Ill bet he asked for 40mio ransom ppAs I was reading the article I was served an ad telling me that my house smells like cat pee Its time to turn my blocker back onppFortinet confirmed that customer data was stolen from a thirdparty cloudbased shared file drive
Third party that Fortinet purchased and is responsible for managing access to on their Sharepoint instance It is like deflecting the blame to an operator of storage space for theft because the tenant lost track of who has copies of the keys to the lockerppThats to say their corporate network wasnt breached but a cloudbased solution separated from their internal networkppYes but in this day and age if most of a companies data is hosted on the cloud who cares about their internal network anyway besides Fortinet All the juicy stuff is on the cloud To the one whose data was compromised what console is there in hearing that the compromise was not on Fortinents internal network And that is not even taking SSO into consideration and it is possible that those SharePoint credentials could be used across different services across Azure
And for customers Fortinet they really dont care if the breach was on premise or the cloud their data was breachedppNot a member yet Register NowppNew Windows Server 2012 zeroday gets free unofficial patchesppNew Rockstar 2FA phishing service targets Microsoft 365 accountsppSpyLoan Android malware on Google play installed 8 million timesppThe Actual Cost of Forgotten PasswordsppHow to leverage 200 million FCC program boosting K12 cybersecurityppSolving the painful password problem with better policiesppCynet delivers 426 ROI in Forrester Total Economic Impact StudyppWhy Cybersecurity Leaders Trust the MITRE ATTCK EvaluationsppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2024 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp
