• Fortinet firewalls hit by huge password-stealing attack around 7

    From TechnologyDaily@1337:1/100 to All on Thu Jun 18 14:15:25 2026
    Fortinet firewalls hit by huge password-stealing attack around 75,000 users possibly affected

    Date:
    Thu, 18 Jun 2026 12:20:00 +0000

    Description:
    Researchers discovered a major database containing plaintext passwords.

    FULL STORY
    ======================================================================

    - Researcher Bob Diachenko uncovers FortiBleed, a massive archive of 73,932 Fortinet/FortiGate VPN credentials from bruteforce and exploitation campaigns
    - Data included plaintext usernames, emails, and passwords for major firms (Chevron, Samsung, Toyota, AT&T, NATO contractor, etc.), with billions of login attempts logged
    - Fortinet says leak is a resharing of past incidents and bruteforced data, urging password rotation and MFA to minimize risk

    A database containing tens of thousands of login credentials for major global corporations was found sitting online, in one of the larger data leak incidents this year.

    Security researcher Bob Diachenko posted a new report on LinkedIn, saying he discovered an archive of Fortinet and FortiGate VPN credentials, counting 73,932 firewall URLs. "Massive Fortinet/FortiGate bruteforce/active exploitation campaign uncovered in action," he said.

    Diachenko named the campaign FortiBleed, and said the archive contained usernames, email addresses, and passwords (in plaintext) for companies such as Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, Toyota, Sinopec, and State Grid.

    "Thousands of top vendor instances are listed in the files like this (see screenshot). This one alone has 21,634 domain names - from Chevron to Fortinet itself. All - with potentially working passwords to the FortiGate appliances obtained through various means."

    Diachenko told BleepingComputer the archive was created by a Russian-speaking threat actor that's been harvesting credentials for FortiGate SSL VPN instances. After analyzing the database, he concluded that the attackers brute-forced their way in, running more than 1.1 billion credential attempts against more than 320,000 FortiGate instances, as well as 2.1 billion attempts against 160,600+ Microsoft SQL Server systems.

    They also obtained SSL VPN authentication hashes, which they later cracked and used to log into Active Directory environments.

    Multiple organizations around the world were fully compromised, Diachenko also said, stressing that a Turkish NATO defense contractor was among them. This organization allegedly lost classified documents as a result of this breach.

    Multiple security outfits confirmed the authenticity of the leak, including Hudson Rock and security researcher Kevin Beaumont.

    Fortinet told the publication that the database is not from a new breach, but rather a collection of secrets stolen in previous incidents.

    "Based on our analysis, the data involved is a resharing of data from previous incidents, as well as bruteforcing of credentials, and is not related to any recent incident or advisory. Organizations that follow routine best practices, including regularly refreshing security credentials, as per guidance in this March blog, face minimal risk from credential compromise detail referenced in the reporting," Fortinet said. Still, it wouldn't hurt to rotate any Fortinet VPN passwords and set up MFA wherever it's possible and missing.

    "Fortinet continues to investigate these reports with the security of our customers as our top priority."

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fortinet-firewalls-hit-by-huge-password-stealing-attack-around-75-000-users-possibly-affected


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)