The mysterious case of the 3 million-toothbrushes DDoS attack — was original report a hypothetical scenario that never happened... or is the truth elsewhere?

 Red padlock open on electric circuits network dark red background.
Red padlock open on electric circuits network dark red background.

A tale of three million hacked electric toothbrushes used to launch a DDoS attack has sparked skepticism among cybersecurity experts. The story, which originated from cybersecurity firm Fortinet went viral, raising questions about its authenticity.

Last week, Swiss news site Aargauer Zeitung reported that three million manipulated toothbrushes were involved in a cyberattack. The case, presented by Fortinet, a global cybersecurity leader, quickly gained traction, featuring in international media outlets such as the Independent and Times of India.

However, the story was met with skepticism, with some experts labeling it as "pure fiction" and "an invented example." Others claimed there was no evidence to suggest such an attack ever occurred. Cybersecurity expert Kevin Beaumont even highlighted that the story was being used as propaganda in Russian Telegram chats.

Contradicting statements

Fortinet issued a statement, carried by several media outlets, including BleepingComputer, saying "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred."

However, the following day, the author of the original story at Aargauer Zeitung disputed this, saying, "Fortinet provided specific details: information about how long the attack took down a Swiss company's website; an order of magnitude of how great the damage was. Fortinet did not want to reveal which company it was out of consideration for its customers. The text was submitted to Fortinet for verification before publication. The statement that this was a real case that really happened was not objected to."

The case of the three million toothbrushes DDoS attack continues to be shrouded in mystery for now, leaving us all wondering exactly where the truth lies.

More from TechRadar Pro