Type
Incident
Actors
Unknown
Pub. date
September 12, 2024
Initial access
Unknown
Impact
Data exfiltration
Targeted technologies
SharePoint
References
https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files/
Status
Stub
Last edited
Sep 19, 2024 12:55 PM
Fortinet confirmed a data breach where a threat actor, "Fortibitch," claimed to have stolen 440GB of data from the company's Microsoft Sharepoint server. The threat actor reportedly shared access credentials to an S3 bucket containing the stolen data and attempted to extort Fortinet, which refused to pay. The stolen data was from a third-party cloud-based shared file drive and involved limited customer information.
Fortinet stated that less than 0.3% of its customer base was affected, with no resulting malicious activity targeting customers. The company emphasized that the breach did not involve data encryption, ransomware, or access to its corporate network.