TLDR:
- Fortinet confirms the compromise of customer data leaked by a hacker named “Fortibitch”
- Data breach occurred via unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party, cloud-based shared file drive
In a recent data breach incident, Fortinet has confirmed that a “small number” of its customers had their data compromised and leaked by a hacker going by the name “Fortibitch.” The hacker leaked 440GB of data obtained from an Azure SharePoint site after the company refused to negotiate on a ransom demand. This breach serves as a stark reminder for organizations to pay attention to how they store and secure data in SaaS and cloud environments.
Although it did not name the source of the breach, Fortinet acknowledged that unauthorized access was gained to a limited number of files stored on a third-party, cloud-based shared file drive. The security vendor said it had seen no indication of malicious activity involving the compromised data, and that it had taken immediate steps to protect affected customers and communicate with them about risk mitigation. CloudSEK, a threat intelligence firm, observed the hacker attempting to sell the stolen data and then releasing it after negotiations failed.
The breach underscores the risks of data exposure in cloud environments; in one cited scan, over 40% of Google Drive files examined contained sensitive data. Organizations often make fundamental mistakes in cloud security, such as not using multifactor authentication, granting excessive access to sensitive assets, and retaining data for extended periods without proper protection. Recommendations for enhancing cloud security include using MFA, monitoring repositories for exposed credentials, and enforcing security best practices across all teams.
By rethinking how customer data is stored in shared drives and adopting encryption for sensitive data, organizations can better protect their assets. Continuous monitoring and applying zero-trust principles to third-party platforms are essential strategies to minimize the risk of unauthorized access and data breaches.
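As an added illustration of the monitoring recommendations above (this is example code written for this page, not from the original article, Fortinet, or CloudSEK), the following Python script audits a constructed inventory of shared-drive files for three of the mistakes the article names: credentials left inside documents, files shared beyond the allowed audience, and data retained past a retention window. The file inventory, the credential patterns, the sharing labels, and the 365-day threshold are all assumptions chosen for the example; a real scan would pull the inventory from the drive provider's API and use a fuller pattern set.

```python
import re
from datetime import date

# Simplified credential signatures (an illustrative set, not an exhaustive scanner).
CREDENTIAL_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+"),
}


def redact(secret, keep=4):
    """Keep a short prefix so a finding can be triaged without re-exposing the value."""
    return secret[:keep] + "*" * max(0, len(secret) - keep)


def find_credentials(text):
    """Return (pattern_name, redacted_match) pairs for every credential-like string."""
    hits = []
    for name, pattern in CREDENTIAL_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((name, redact(match.group(0))))
    return hits


def audit_shared_drive(files, today, max_age_days=365,
                       allowed_sharing=("private", "internal")):
    """Flag files that contain credentials, are over-shared, or are past retention.

    Each file is a dict with keys: path, content, sharing, modified (a date).
    Only files with at least one issue appear in the result.
    """
    findings = []
    for f in files:
        issues = []
        creds = find_credentials(f["content"])
        if creds:
            issues.append("exposed_credentials")
        if f["sharing"] not in allowed_sharing:
            issues.append("external_sharing")
        if (today - f["modified"]).days > max_age_days:
            issues.append("stale_data")
        if issues:
            findings.append({"path": f["path"], "issues": issues, "credentials": creds})
    return findings


# Constructed sample inventory (not real files or customers).
AUDIT_DATE = date(2024, 9, 13)
SAMPLE_FILES = [
    {"path": "/customers/acme/vpn-config.txt",
     "content": "username=admin\npassword=Sup3rSecret!\n",
     "sharing": "anyone_with_link", "modified": date(2021, 3, 1)},
    {"path": "/customers/beta/notes.md",
     "content": "Meeting notes, nothing sensitive.\n",
     "sharing": "internal", "modified": date(2024, 8, 1)},
    {"path": "/infra/backup.pem",
     "content": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...(truncated)\n",
     "sharing": "private", "modified": date(2024, 6, 15)},
    {"path": "/archive/2019-export.csv",
     "content": "id,name\n1,Alice\n",
     "sharing": "internal", "modified": date(2019, 1, 10)},
]


if __name__ == "__main__":
    for finding in audit_shared_drive(SAMPLE_FILES, AUDIT_DATE):
        print(finding["path"], "->", ", ".join(finding["issues"]))
        for name, value in finding["credentials"]:
            print("    ", name, value)
```

Run as a script, it lists three of the four sample files: the VPN config trips all three checks, the PEM file is flagged only for the private-key block, and the 2019 export only for its age. Redacting matches before reporting matters in practice, because audit output itself often lands in a ticketing system or log store with wider access than the original file.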