73,932 Fortinet VPN credentials leaked in plaintext.
Across 194 countries. 21,632 unique domains. Samsung. Oracle. Comcast. AT&T. Mercedes-Benz. Toyota. Siemens. PwC.
This is not a new vulnerability. This is what happens when you don't patch.
A Russian-speaking multi-operator group ran 1.16 billion credential attempts against 320,777 FortiGate targets. They intercepted SSL VPN auth hashes, cracked them on a 45-GPU cluster, and pivoted into Active Directory.
Kevin Beaumont confirmed the data is real. The affected devices represent roughly 50% of every internet-accessible Fortinet firewall on earth.
The attackers left their own tools exposed on the same server. Their analytics, logs, and bash history were sitting in an open directory. That's how Bob Diachenko found it.
A Turkish NATO defense contractor was fully breached. Classified documents exfiltrated. Organizations across Japan, Taiwan, Vietnam, Iraq, and Turkey confirmed compromised.
The dataset includes each target's industry, revenue, and employee count. This is a prioritized ransomware shopping list.
If you run Fortinet, rotate every credential today. Enforce MFA on every interface. Audit gateway logs for lateral movement. Use the Hudson Rock lookup tool.
This is not optional. Your perimeter just evaporated.
SOURCE: https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/
VERIFIED: BleepingComputer, Kevin Beaumont (doublepulsar.com), Hudson Rock, Bitsight Threat Intelligence
SIGNAL: Half of all internet-facing Fortinet firewalls just became attacker entry points. Every enterprise using Fortinet is exposed until credentials are rotated.