FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
Publish Date: 2026-06-18 08:54:39
Source Domain: www.bleepingcomputer.com
A massive data leak, named “FortiBleed,” has exposed Fortinet and FortiGate VPN credentials for 73,932 firewall URLs, belonging to prominent global organizations. Security researcher Bob Diachenko discovered this breach after finding a server with valid Fortinet VPN credentials, including plaintext passwords and emails. The affected organizations span across major industry sectors like telecommunications, IT services, and manufacturing and include names such as Chevron, Samsung, and Comcast. Diachenko suggested this leak was orchestrated by a Russian-speaking threat group responsible for conducting approximately 1.16 billion credential attempts on FortiGate devices and 2.1 billion on Microsoft SQL servers. The leak’s source remains unclear, but it appears to comprise data from over half of all internet-accessible Fortinet firewalls. As a precaution, impacted organizations should rotate passwords, enforce multi-factor authentication, and conduct internal monitoring for compromised accounts.
Key Points:
– Discovery of Fortinet VPN credentials exposing 73,932 firewall URLs on a server by security researcher Bob Diachenko.
– Threat group allegedly conducted over 1.16 billion credential attempts on FortiGate devices.
– Exposed data includes valid credentials for major international companies and sectors, with the most impact seen in India and the U.S.
– Affected credentials are part of a massive, sophisticated breach involving complex and hard-to-crack passwords.
– Organizations now urged to enhance security measures including password rotation, MFA enforcement, and internal monitoring.
