Cybersecurity firm Stormshield hacked. Data (including source code) stolen

Graham Cluley
@gcluley

French cybersecurity firm Stormshield has revealed that it has suffered a security breach, and hackers have accessed sensitive information.

The company, which is a major provider to the French government, says that a hacker managed to steal data after gaining access to a portal used by customers and partners, potentially accessing support tickets and communications with staff.

Although Stormshield has not shared details of how many customers have been affected by the breach, it does say it has informed all those who might have been impacted, and that passwords for all accounts have been reset.

While investigating the security breach, Stormshield also discovered that some of the source code for the Stormshield Network Security (SNS) firewall was stolen.

This raises the spectre of a malicious attacker either uncovering security holes in the firewall that might be exploited in later attacks, or creating malicious updates.

As a precautionary measure, the French cyber-security agency ANSSI says it has put Stormshield’s products “under observation” while the breach continues to be investigated.

In addition, the vendor has replaced the digital certificates used to sign updates to Stormshield Network Security. Updates have been made available to customers and partners.

Forgetting for one moment the obvious concern that Stormshield’s customers and partners must be feeling, this is also a nightmare for the French cybersecurity firm.

But they’re not the first cybersecurity firm to be hacked, and they certainly won’t be the last.

It would be fascinating to know who might have perpetrated the attack, and what they might be planning to do with the information that they have stolen.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
