According to a statement released by Fortinet, credentials stolen from 87,000 unpatched SSL-VPNs have been posted for free to an online forum by former Babuk gang members. On Wednesday, BleepingComputer reported that it had been a miscommunication with a threat actor who leaked nearly half a million Fortinet VPN credentials. The company stated that the credentials were scraped from exploitable devices last summer. BleepingComputer reported that the file contained credentials for 498,900 users across 12,800 devices.
Analysis showed that the IP addresses associated with the compromised credentials belong to devices worldwide. Roughly 22,500 entities in 74 different countries are impacted by the attacks. Fortinet has warned that the VPN credentials can be used to perform data exfiltration, install malware, and launch ransomware attacks. Companies impacted by the data leak should therefore be extra cautious in their security protocols. Fortinet stated that entities should both apply the patch upgrade for a recent bug and reset passwords as soon as possible to avoid further risk.