Particle.news

FortiBleed Leak Reveals Tens of Thousands of Compromised Fortinet VPN and Admin Logins

Researchers say attackers recycled stolen passwords and used automated scanning to turn internet‑exposed Fortinet devices into credential‑harvesting listening posts.

Overview

  • Reports published June 17 and 18 show a dataset called FortiBleed containing roughly 73,900 unique Fortinet/FortiGate firewall URLs tied to about 21,600 domains.
  • Security researcher Volodymyr “Bob” Diachenko, Hudson Rock, and independent analyst Kevin Beaumont have partially verified the data and confirmed many entries appear to be valid VPN or admin credentials.
  • Researchers found the campaign used mass automated login attempts and fed newly captured credentials back into the system, producing billions of authentication attempts against FortiGate and MSSQL targets.
  • Kevin Beaumont and scanning data indicate most affected Fortinet devices remain online with management interfaces exposed to the internet, which creates a high risk of lateral access into internal networks.
  • Hudson Rock and other firms published a FortiBleed lookup tool and urge immediate actions: rotate FortiGate and VPN passwords, enable multi‑factor authentication, restrict admin interfaces to trusted IPs, and review logs for suspicious activity.
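
A sketch of the log-review step recommended above, added here as an example and not taken from the researchers or from Fortinet: it flags administrator logins from outside a trusted management range and successes that follow repeated failures from the same source. The key=value field names (action, status, srcip, user), the trusted range, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks allowed to reach the admin interface (constructed).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample events in a FortiOS-style key=value layout (assumed fields).
SAMPLE_LOG = """\
date=2025-01-01 time=02:11:01 subtype="system" user="admin" srcip=203.0.113.50 action="login" status="failed"
date=2025-01-01 time=02:11:03 subtype="system" user="admin" srcip=203.0.113.50 action="login" status="failed"
date=2025-01-01 time=02:11:05 subtype="system" user="admin" srcip=203.0.113.50 action="login" status="failed"
date=2025-01-01 time=02:11:09 subtype="system" user="admin" srcip=203.0.113.50 action="login" status="success"
date=2025-01-01 time=08:30:00 subtype="system" user="netops" srcip=10.20.0.15 action="login" status="success"
date=2025-01-01 time=09:02:44 subtype="system" user="backup-admin" srcip=198.51.100.7 action="login" status="success"
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def review(log_text, fail_threshold=3):
    """Return (timestamp, source IP, user, finding) tuples for admin login events."""
    failures = defaultdict(int)  # failed logins seen so far, per source IP
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue
        src, user = ev["srcip"], ev.get("user", "?")
        ts = f'{ev.get("date")} {ev.get("time")}'
        if ev.get("status") == "failed":
            failures[src] += 1
            if failures[src] == fail_threshold:
                findings.append((ts, src, user, "repeated_failures"))
        elif ev.get("status") == "success":
            if not is_trusted(src):
                findings.append((ts, src, user, "login_from_untrusted_ip"))
            if failures[src] >= fail_threshold:
                findings.append((ts, src, user, "success_after_failures"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

Any success_after_failures or login_from_untrusted_ip hit is a reason to rotate that account's password and check what the session changed.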