Hackers accessed a poorly configured Amazon S3 bucket from Fortinet and downloaded 440 GB of data. After Fortinet refused to pay a ransom, the hackers posted the data online.

Fortinet said in a statement that malicious users had gained access to customer data in the cloud. The security specialist stressed that these were a “limited number” of files.

“An individual gained unauthorized access to a limited number of files stored on the Fortinet instance of a third-party cloud sharing file drive containing limited data from a small number (less than 0.3 percent) of Fortinet customers.”

“Fortinet’s operations, products, and services were not impacted, and we found no evidence of additional access to other Fortinet resources. The incident did not involve data encryption, the use of ransomware, or access to Fortinet’s corporate network.”

“No notification to customers required”

The above statement from Fortinet comes after a group called Fortibitch previously offered Fortinet data for sale on a dark web forum, comprising 440GB of Azure SharePoint files from an open Amazon S3 bucket containing customer data.

The hackers claim they asked Fortinet for a ransom in exchange for not posting the data online. According to The Register, Fortinet did not respond, so the data is now available on the dark web for a fee.

In its statement, Fortibitch accuses Fortinet of not informing the U.S. Securities and Exchange Commission (SEC) about the hack via a so-called 8-K form to warn customers and shareholders. Fortinet did not consider this necessary and issued the following statement.

“Given the limited nature of the incident, we have not identified a material impact on our financial condition or results of operations and we do not currently expect the incident to have a reasonable impact on our financial condition or results of operations.”

Tough year for Fortinet

Fortinet has not had a very good year in 2024 so far. In March there was a dangerous security vulnerability that affected 1,500 Belgian customers. Hackers then sold access to cracked devices online on a massive scale. In February there were critical vulnerabilities in FortiOS and SSL VPN. Even then, hackers were selling online access to corporate networks.