Security Incident concerning Stormshield

Recently, the Stormshield teams detected a security incident that resulted in an unauthorized access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.

Personal data and technical exchanges associated with certain accounts may have been consulted. We immediately alerted the account owners on the portal and we notified the French authorities. As a precaution, the passwords of all accounts were reset and we applied additional measures to the portal in order to reinforce its security. All the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers. At the same time, we have also applied similar preventive measures to the Stormshield Institute portal, used for the management of our training courses.

Further investigations in the context of this incident have revealed the leakage of some parts of the SNS (Stormshield Network Security) source code. This information has also been communicated to our customers. As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised.

Our teams are mobilized to ensure the best security of our customers' infrastructures. Thus, as an additional precautionary measure, we have anticipated the replacement of the trusted certificate that signs and ensures the integrity of the SNS (Stormshield Network Security) releases and updates. New updates have been made available to customers and partners so that their products can work with this new certificate. Our technical support remains at the disposal of the account owners on the MyStormshield and Stormshield Institute portals to obtain the specific information that concerns them.

All the activities and technical resources that serve our customers and partners are still fully operational. No failure of the Stormshield solutions was identified during the investigations.

Companies like Stormshield, that provide cybersecurity solutions against the explosion of cyberthreats, would appear to be a new target for highly prepared and experienced attackers. We will continue to bring visibility on this incident, depending on the elements that we are able to communicate.

 

Last update: 02/03/21