Nearly 500,000 Fortinet VPN Accounts Leaked By Hackers
Exploit: Hacking
Company: Fortinet
Industry: Technology, Network Security Solutions Provider
Sources: https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
Almost 500,000 Fortinet VPN login names and passwords have reportedly been stolen and were recently leaked onto hacking forums. The threat actor that obtained the data claims it was taken from exploitable devices last summer, and although the vulnerability has since been patched, many of the VPN credentials are still valid.
In a statement to address the issue, Fortinet confirmed, “While they may have since been patched, if the passwords were not reset, they remain vulnerable.”
What makes this incident significant is that, if left unchanged, the VPN credentials could give anyone who holds them network access to install malware, deploy ransomware, or exfiltrate further data.
Next Steps For Fortinet Server Admins
As the data has been leaked onto multiple data leak sites, it is advisable for any administrators of Fortinet VPN servers to assume the compromised credentials are valid and act accordingly.
Perform a forced reset of all user passwords
Check your logs for possible intrusions or other suspicious activity
Ensure the latest patches have been installed
Update your Incident Response plan
If you would like to check the list of devices known to be compromised, click here for cyber security researcher Cypher’s list of the leaked devices' IP addresses.
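One way to approach the log check listed above, as an added example that is not part of the original article: it flags successful VPN logins from a source IP a user never used before a chosen cutoff date, and source IPs that fail logins for several different accounts. The key=value log layout, the field names (action, user, remip), the action values, the cutoff date and the sample lines are all assumptions constructed for illustration; map them to what your VPN server actually exports.

```python
import shlex
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not real logs. Field names and action values are assumptions.
SAMPLE_LOG = """\
date=2021-08-02 time=09:14:03 action="tunnel-up" user="alice" remip=198.51.100.10
date=2021-08-20 time=08:55:41 action="tunnel-up" user="bob" remip=198.51.100.22
date=2021-09-08 time=02:11:09 action="ssl-login-fail" user="carol" remip=203.0.113.77
date=2021-09-08 time=02:11:15 action="ssl-login-fail" user="bob" remip=203.0.113.77
date=2021-09-08 time=02:11:30 action="tunnel-up" user="alice" remip=203.0.113.77
date=2021-09-09 time=09:02:12 action="tunnel-up" user="bob" remip=198.51.100.22
"""

def parse_line(line):
    """Split one key=value event line into a dict; quoted values may contain spaces."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    fields["ts"] = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    return fields

def review_vpn_logins(log_text, cutoff, ok="tunnel-up", fail="ssl-login-fail"):
    """Return (logins from a source IP new for that user, IPs failing as 2+ users) after cutoff."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()), key=lambda e: e["ts"])
    baseline = defaultdict(set)      # user -> source IPs of successful logins before cutoff
    failed_users = defaultdict(set)  # source IP -> accounts it failed to log in as after cutoff
    new_source = []
    for e in events:
        user, ip, action = e.get("user"), e.get("remip"), e.get("action")
        if action == ok:
            if e["ts"] < cutoff:
                baseline[user].add(ip)
            elif ip not in baseline[user]:
                new_source.append((e["ts"].isoformat(sep=" "), user, ip))
        elif action == fail and e["ts"] >= cutoff:
            failed_users[ip].add(user)
    spraying = {ip: sorted(users) for ip, users in failed_users.items() if len(users) >= 2}
    return new_source, spraying

if __name__ == "__main__":
    hits, spraying = review_vpn_logins(SAMPLE_LOG, datetime(2021, 9, 1))
    for ts, user, ip in hits:
        print(f"REVIEW {ts} user={user} first-seen source {ip}")
    for ip, users in spraying.items():
        print(f"REVIEW {ip} failed logins for {len(users)} accounts: {', '.join(users)}")
```

Set the cutoff to the earliest date the credentials must be assumed exposed; a login flagged here is a lead for review, not proof of intrusion.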