Credentials for Nearly 500,000 Fortinet VPN Users Leaked

Hackers Leak Passwords for Fortinet VPN Servers

A list with nearly half a million Fortinet VPN user credentials, allegedly scraped from unprotected devices, is now being shared on hacker forums across the dark web.

On Tuesday, a threat actor known as “Orange”, thought to be a member of the popular ransomware gang “Groove”, posted a link on the newly launched RAMP hacking forum to a file containing thousands of Fortinet VPN accounts. Analysis completed of the file shows that it contains 498,908 user credentials, for 12,856 devices, in 74 different countries, on Fortinet VPN servers. For more information, read the full article here.

Fortinet confirmed Wednesday that access information to 87,000 unpatched FortiGate SSL-VPN devices have been disclosed. The hacker is believed to have exploited a previously discovered vulnerability, that has since been patched, although the hacker claims the logins are still valid. Fortinet has urged to reset user passwords for all organizations that used any of the affected versions, even if patches have been deployed. To see the list of affected versions, view the CVE record here.

Check out these relevant resources.

New Survey Finds...

Active Directory forest recovery not taken serious enough. See what else your peers had to say.