FortiBleed Exposes 86k Fortinet Device Credentials
A large-scale credential theft campaign dubbed FortiBleed compromised over 86,000 internet-facing Fortinet firewalls and VPN appliances across 194 countries, yielding a database of 86,644 verified credentials. The campaign, linked to a Russian-speaking actor, impacted government and critical infrastructure organizations. CISA issued an alert urging device hardening.
- credentials
- vpn
A credential theft operation known as FortiBleed has exposed verified login details for 86,644 Fortinet firewalls and VPN appliances spanning 194 countries, according to public reporting. The campaign, attributed to a Russian-speaking threat actor, targeted internet-facing devices and produced a database that includes credentials for government agencies and critical infrastructure operators.
SecurityWeek and BleepingComputer reported that the breach involved the large-scale harvesting of administrative credentials from Fortinet devices. The compromised information centers on VPN and firewall access points rather than end-user personal data. CISA responded by issuing an alert that called on organizations to harden their devices, change default passwords, and apply the latest firmware updates. Available reporting describes the actor leveraging known vulnerabilities and weak configurations to gain initial access before exfiltrating credentials at scale.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →