December 4, 2020, the Stormshield teams detected a security incident that resulted in an unauthorized access to a technical portal used, in particular, by our customers and partners for the management of their support tickets on our products.
Personal data and technical exchanges associated with certain accounts may have been consulted. We immediately alerted the account owners on the portal and we notified the French authorities. As a precaution, the passwords of all accounts were reset and we applied additional measures to the portal in order to reinforce its security. All the support tickets and technical exchanges in the accounts concerned have been reviewed and the results have been communicated to the customers. At the same time, we have also applied similar preventive measures to the Stormshield Institute portal, used for the management of our training courses.
Further investigations in the context of this incident have revealed the leakage of some parts of the SNS (Stormshield Network Security) source code. This information has also been communicated to our customers. As of today, the in-depth analysis carried out with the support of the relevant authorities has not identified any evidence of illegitimate modification in the code, nor have any of the Stormshield products in operation been compromised.
Our teams are mobilized to ensure the best security of our customers' infrastructures. Thus, as an additional precautionary measure, we have anticipated the replacement of the trusted certificate that signs and ensures the integrity of the SNS (Stormshield Network Security) releases and updates. New updates have been made available to customers and partners so that their products can work with this new certificate. Our technical support remains at the disposal of the account owners on the MyStormshield and Stormshield Institute portals to obtain the specific information that concerns them.
All the activities and technical resources that serve our customers and partners are still fully operational. No failure of the Stormshield solutions was identified during the investigations.
Companies like Stormshield, that provide cybersecurity solutions against the explosion of cyberthreats, would appear to be a new target for highly prepared and experienced attackers.
We will continue to bring visibility on this incident, depending on the elements that we are able to communicate.
Update - April 2021
Following the security incident at Stormshield, all the technical checks and analyses of our environments, carried out for several weeks, have now been completed.
These actions, performed in conjunction with the relevant authorities, confirmed the integrity of the source code of SNS – Stormshield Network Security – products and ensured that there was no further impact other than those that had been identified.
As a result, on Friday 2 April, ANSSI lifted the placing under observation of the qualifications and approvals of SNS products. The qualifications thus return to the level of recommendation they had before the incident was detected and guarantee ANSSI's renewed confidence in our technologies.